Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49194 | | | 2026-04-29 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data. This issue affects Importify (Dropshipping WooCommerce): from n/a through <= 1.0.4. | |||||
| CVE-2025-12616 | 1 Phpgurukul | 1 News Portal | 2026-04-29 | 2.6 LOW | 3.7 LOW |
| A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used. | |||||
| CVE-2026-40173 | 1 Dgraph | 1 Dgraph | 2026-04-25 | N/A | 9.4 CRITICAL |
| Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line including the admin token configured via the --security "token=..." startup flag. An attacker can retrieve the leaked token and reuse it in the X-Dgraph-AuthToken header to gain unauthorized access to admin-only endpoints such as /admin/config/cache_mb, bypassing the adminAuthHandler token validation. This enables unauthorized privileged administrative access including configuration changes and operational control actions in any deployment where the Alpha HTTP port is reachable by untrusted parties. This issue has been fixed in version 25.3.2. | |||||
| CVE-2025-58598 | | | 2026-04-23 | N/A | 6.6 MEDIUM |
| Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through <= 1.9.8. | |||||
| CVE-2026-2250 | | | 2026-04-15 | N/A | 7.5 HIGH |
| The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration. | |||||
| CVE-2026-33247 | 1 Linuxfoundation | 1 Nats-server | 2026-03-26 | N/A | 7.4 HIGH |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv (the command-line), then those credentials are visible to any user who can see the monitoring port, if that too is enabled. The `/debug/vars` end-point contains an unredacted copy of argv. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, configure credentials inside a configuration file instead of via argv, and do not enable the monitoring port if using secrets in argv. Best practice remains to not expose the monitoring port to the Internet, or to untrusted network sources. | |||||
| CVE-2025-34081 | 1 Contec | 1 Conprosys Hmi System | 2025-11-04 | N/A | 7.5 HIGH |
| The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker. This issue affects CONPROSYS HMI System (CHS): before 3.7.7. | |||||
| CVE-2025-27684 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 7.5 HIGH |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Debug Bundle Contains Sensitive Data V-2022-003. | |||||
| CVE-2025-0895 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-07-31 | N/A | 2.4 LOW |
| IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages. | |||||
| CVE-2024-22194 | 1 Lfprojects | 2 Case Python Utilities, Cdo Local Uuid Utility | 2024-11-21 | N/A | 2.2 LOW |
| cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. | |||||
| CVE-2024-7569 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | N/A | 9.8 CRITICAL |
| An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | |||||
