Total: 8175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-32395 | | | 2025-04-11 | N/A | N/A | Vite is a frontend tooling framework for JavaScript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. The HTTP 1.1 spec (RFC 9112) does not allow # in the request-target, although an attacker can still send such a request. For requests with an invalid request-line (which includes the request-target), the spec recommends rejecting them with 400 or 301. The same can be said for HTTP 2. On Node and Bun, those requests are not rejected internally and are passed to user land; for those requests, the value of http.IncomingMessage.url contains #. Vite assumed req.url would not contain # when checking server.fs.deny, allowing those kinds of requests to bypass the check. Only apps explicitly exposing the Vite dev server to the network (using --host or the server.host config option) and running the Vite dev server on runtimes that are not Deno (e.g. Node, Bun) are affected. This vulnerability is fixed in 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13.
CVE-2013-3469 | 1 Cisco | 1 Mobility Services Engine | 2025-04-11 | 5.0 MEDIUM | N/A | Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
CVE-2013-6953 | 1 Dotnetblogengine | 1 Blogengine.net | 2025-04-11 | 5.0 MEDIUM | N/A | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
CVE-2011-3767 | 1 Oscommerce | 1 Oscommerce | 2025-04-11 | 5.0 MEDIUM | N/A | osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.
CVE-2013-5994 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 5.0 MEDIUM | N/A | data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2012-1586 | 1 Debian | 1 Cifs-utils | 2025-04-11 | 2.1 LOW | N/A | mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
CVE-2013-3953 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-11 | 4.9 MEDIUM | N/A | The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
CVE-2011-3747 | 1 Joomla | 1 Joomla! | 2025-04-11 | 5.0 MEDIUM | N/A | Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
CVE-2013-4778 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2025-04-11 | 7.8 HIGH | N/A | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors.
CVE-2011-3447 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.3 MEDIUM | N/A | CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
CVE-2011-3810 | 1 Tinywebgallery | 1 Tinywebgallery | 2025-04-11 | 5.0 MEDIUM | N/A | TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
CVE-2011-0031 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 4.3 MEDIUM | N/A | The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
CVE-2012-0731 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | 6.8 MEDIUM | N/A | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2011-4760 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 5.0 MEDIUM | N/A | Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.
CVE-2012-6539 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A | The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2013-1665 | 1 Openstack | 2 Folsom, Keystone Essex | 2025-04-11 | 5.0 MEDIUM | N/A | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
CVE-2012-6536 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A | net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.
CVE-2012-1223 | 1 Rabidhamster | 1 R2/Extreme | 2025-04-11 | 5.0 MEDIUM | N/A | RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.
CVE-2011-3754 | 1 Mambo-foundation | 1 Mambo | 2025-04-11 | 5.0 MEDIUM | N/A | Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
CVE-2010-3875 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-11 | 2.1 LOW | N/A | The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.