Total: 515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0059 | 1 Redhat | 2 Network Proxy, Satellite | 2026-04-03 | 4.3 MEDIUM | 4.9 MEDIUM |
| A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords. | |||||
| CVE-2025-71282 | 1 Xenforo | 1 Xenforo | 2026-04-01 | N/A | 7.5 HIGH |
| XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure. | |||||
| CVE-2025-32238 | 1 Vcita | 1 Online Booking & Scheduling Calendar | 2026-04-01 | N/A | N/A |
| Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5. | |||||
| CVE-2025-24552 | | | 2026-04-01 | N/A | N/A |
| Generation of Error Message Containing Sensitive Information vulnerability in paytiumsupport Paytium paytium allows Retrieve Embedded Sensitive Data. This issue affects Paytium: from n/a through <= 4.4.11. | |||||
| CVE-2024-54366 | | | 2026-04-01 | N/A | N/A |
| Generation of Error Message Containing Sensitive Information vulnerability in videogallery Vimeography vimeography allows Retrieve Embedded Sensitive Data. This issue affects Vimeography: from n/a through <= 2.4.4. | |||||
| CVE-2024-50512 | | | 2026-04-01 | N/A | N/A |
| Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data. This issue affects Posti Shipping: from n/a through <= 3.10.2. | |||||
| CVE-2026-4633 | 1 Redhat | 1 Build Of Keycloak | 2026-04-01 | N/A | 3.7 LOW |
| A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration. | |||||
| CVE-2026-21783 | 1 Hcltech | 1 Traveler | 2026-03-31 | N/A | 4.3 MEDIUM |
| HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | |||||
| CVE-2026-2484 | 1 Ibm | 1 Infosphere Information Server | 2026-03-31 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages. | |||||
| CVE-2026-28786 | 1 Openwebui | 1 Open Webui | 2026-03-30 | N/A | 4.3 MEDIUM |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a `FileNotFoundError` whose message — including the server's absolute `DATA_DIR` path — is returned verbatim in the HTTP 400 response body, confirming information disclosure on all default deployments. Version 0.8.6 patches the issue. | |||||
| CVE-2026-4994 | | | 2026-03-30 | 2.7 LOW | 3.5 LOW |
| A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the local network is required for this attack. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1262 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2026-03-26 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | |||||
| CVE-2026-33065 | 1 Free5gc | 1 Udm | 2026-03-23 | N/A | 5.3 MEDIUM |
| Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks internal error handling behavior and makes it difficult for clients to distinguish between client-side errors and server-side failures. When a client sends a DELETE request with an empty supi (e.g., double slashes // in URL path), the UDM forwards the malformed request to UDR, which correctly returns 400. However, UDM propagates this as 500 SYSTEM_FAILURE instead of returning the appropriate 400 error to the client. This violates REST API best practices for DELETE operations. The issue has been patched in version 1.4.2. | |||||
| CVE-2026-33192 | 1 Free5gc | 1 Udm | 2026-03-23 | N/A | 5.3 MEDIUM |
| Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding to UDR, indicating a deeper architectural issue. This leaks internal error handling behavior, making it difficult for clients to distinguish between client-side errors and server-side failures. The issue has been patched in version 1.4.2. | |||||
| CVE-2025-13726 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2026-03-18 | N/A | 5.3 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | |||||
| CVE-2026-28675 | 1 Opensift | 1 Opensift | 2026-03-18 | N/A | 5.3 MEDIUM |
| OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, some endpoints returned raw exception strings to clients. Additionally, login token material was exposed in UI/rendered responses and token rotation output. This issue has been patched in version 1.6.3-alpha. | |||||
| CVE-2025-47813 | 1 Wftpserver | 1 Wing Ftp Server | 2026-03-16 | N/A | 4.3 MEDIUM |
| loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie. | |||||
| CVE-2026-29110 | 1 Cryptomator | 1 Cryptomator | 2026-03-13 | N/A | 2.2 LOW |
| Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time when the actual vault is closed. Not every cleartext path is logged: a log message is created only if a filesystem request fails for some reason (e.g. damaged encrypted file, nonexistent file). This issue has been patched in version 1.19.0. | |||||
| CVE-2026-22052 | 1 Netapp | 1 Ontap | 2026-03-13 | N/A | 4.3 MEDIUM |
| ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission. | |||||
| CVE-2026-30835 | 1 Parseplatform | 1 Parse-server | 2026-03-11 | N/A | 5.3 MEDIUM |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, a malformed `$regex` query parameter (e.g. `[abc`) causes the database to return a structured error object that is passed unsanitized through the API response. This leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details. The vulnerability is exploitable by any client that can send query requests, depending on the deployment's permission configuration. This issue has been patched in versions 8.6.7 and 9.5.0-alpha.6. | |||||
