Total
475 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41983 | 1 Siemens | 1 Opcenter Quality | 2025-10-23 | N/A | 3.5 LOW |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool. | |||||
| CVE-2025-62397 | 2025-10-23 | N/A | 5.3 MEDIUM | ||
| The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. | |||||
| CVE-2024-41984 | 1 Siemens | 1 Opcenter Quality | 2025-10-22 | N/A | 2.6 LOW |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications. | |||||
| CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-10-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | |||||
| CVE-2024-29059 | 1 Microsoft | 15 .net Framework, Windows 10 1507, Windows 10 1607 and 12 more | 2025-10-21 | N/A | 7.5 HIGH |
| .NET Framework Information Disclosure Vulnerability | |||||
| CVE-2025-62168 | 2025-10-21 | N/A | 10.0 CRITICAL | ||
| Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off. | |||||
| CVE-2022-35715 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-10-20 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202. | |||||
| CVE-2025-40718 | 1 Quiter | 1 Quiter Gateway | 2025-10-18 | N/A | 7.5 HIGH |
| Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information. | |||||
| CVE-2024-44762 | 1 Webmin | 1 Usermin | 2025-10-15 | N/A | 5.3 MEDIUM |
| A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. | |||||
| CVE-2025-31998 | 2025-10-14 | N/A | 3.5 LOW | ||
| HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service. | |||||
| CVE-2025-55676 | 2025-10-14 | N/A | 5.5 MEDIUM | ||
| Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-0279 | 1 Hcltech | 1 Traveler | 2025-10-10 | N/A | 4.3 MEDIUM |
| HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. | |||||
| CVE-2024-39458 | 1 Jenkins | 1 Structs | 2025-10-10 | N/A | 3.1 LOW |
| When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log. | |||||
| CVE-2025-54291 | 2025-10-02 | N/A | N/A | ||
| Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. | |||||
| CVE-2025-53803 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-02 | N/A | 5.5 MEDIUM |
| Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-46658 | 1 4cstrategies | 1 Exonaut | 2025-10-02 | N/A | 9.8 CRITICAL |
| An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. | |||||
| CVE-2025-26333 | 2025-09-26 | N/A | 5.9 MEDIUM | ||
| Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure. | |||||
| CVE-2025-48562 | 1 Google | 1 Android | 2025-09-26 | N/A | 5.0 MEDIUM |
| In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2021-47381 | 1 Linux | 1 Linux Kernel | 2025-09-25 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output. | |||||
| CVE-2025-54791 | 1 Openmicroscopy | 1 Omero-web | 2025-09-23 | N/A | 5.3 MEDIUM |
| OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. | |||||