A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

CVSS: N/A · CWE: N/A

View on NVD

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file

CVSS: N/A · CWE: N/A

View on NVD

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and manipulation. The attack vector only exists if HTTP/2 support is enabled by setting the feature parameter…

CVSS: 2.3 · CWE: CWE-444

View on NVD

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure.

CVSS: 6.1 · CWE: CWE-284

View on NVD

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

CVSS: 7.8 · CWE: CWE-502

View on NVD

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.

CVSS: 7.8 · CWE: CWE-502

View on NVD

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.

CVSS: 4.3 · CWE: CWE-538

View on NVD

MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their as…

CVSS: 6.5 · CWE: CWE-284

View on NVD

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social media API credentials: the Instagram OAuth token, Flickr API key, YouTube Data API key, and Facebook…

CVSS: 4.3 · CWE: CWE-863

View on NVD

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.

CVSS: 5.5 · CWE: CWE-126

View on NVD

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.

CVSS: 6.5 · CWE: CWE-1230

View on NVD

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 3.3 · CWE: CWE-269

View on NVD

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 3.3 · CWE: CWE-120

View on NVD

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 3.3 · CWE: CWE-269

View on NVD

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 3.3 · CWE: CWE-269

View on NVD

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 3.3 · CWE: N/A

View on NVD

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

CVSS: 3.7 · CWE: CWE-208

View on NVD

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information…

CVSS: 7.8 · CWE: CWE-190

View on NVD

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used.

CVSS: 5.3 · CWE: CWE-200

View on NVD

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure.  Successful exploitation requires an attacker to send a specially crafted HTTP request.  This vulnerability affects NI SystemLink Enterprise 2026-04 and p…

CVSS: 9.1 · CWE: CWE-306

View on NVD

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

CVSS: 3.4 · CWE: CWE-201

View on NVD

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

CVSS: 4.3 · CWE: CWE-863

View on NVD

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in various system logs, such as server access logs, reverse proxy…

CVSS: 2.7 · CWE: CWE-598

View on NVD

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays_poll_get_user_information' AJAX action, which serializes and returns the complete WP_User object — including the user_pass (bcrypt password hash), user_email, user_login, user…

CVSS: 4.3 · CWE: CWE-200

View on NVD

Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticated actor in possession of the token to retrieve the associated content after expiration.

CVSS: 5.3 · CWE: CWE-672

View on NVD

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent slab objects.

CVSS: 5.5 · CWE: CWE-125

View on NVD

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds (e.g., glibc), the handler invokes a fixed 60-second CPU profiling operation (dump_cpu_pprof_for(Dura…

CVSS: 8.8 · CWE: CWE-306

View on NVD

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's files…

CVSS: 7.7 · CWE: CWE-59

View on NVD

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue_block_assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key exposure occurs when the premium add-on is also installed and has saved a key; on Lite-only installatio…

CVSS: 4.3 · CWE: CWE-200

View on NVD

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been revoked. Successful exploitation grants the attacker unauthorized access to the victim's account, potenti…

CVSS: 6.8 · CWE: CWE-613

View on NVD

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.

CVSS: 5.3 · CWE: CWE-209

View on NVD

A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password…

CVSS: 6.5 · CWE: CWE-280

View on NVD

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo() on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PHP configuration, server environment variables (including any database credentials, API keys, or appl…

CVSS: 5.3 · CWE: CWE-200

View on NVD

SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce authentication. By navigating cascading interface flows - insecure navigation through exposed routes facilitat…

CVSS: 5.5 · CWE: CWE-285

View on NVD

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.

CVSS: 8.2 · CWE: CWE-1284

View on NVD

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

CVSS: 4.3 · CWE: CWE-200

View on NVD

AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E]…

CVSS: 2.4 · CWE: CWE-288

View on NVD

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via advertisement or browser intent…

CVSS: 2.4 · CWE: CWE-288

View on NVD

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through exposed routes facilitates app control evasion {I.N.T.E.R.F.A.C.E] via…

CVSS: 2.4 · CWE: CWE-288

View on NVD

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS: 7.1 · CWE: CWE-611

View on NVD

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.

CVSS: 7.3 · CWE: CWE-822

View on NVD

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.

CVSS: 5.8 · CWE: CWE-787

View on NVD

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.0 · CWE: CWE-416

View on NVD

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure.

CVSS: 5.6 · CWE: CWE-200

View on NVD

NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.

CVSS: 7.1 · CWE: CWE-125

View on NVD

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-281

View on NVD

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-787

View on NVD

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-681

View on NVD

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-367

View on NVD

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 7.8 · CWE: CWE-862

View on NVD

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

CVSS: 8.8 · CWE: CWE-416

View on NVD

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of progr…

CVSS: 7.8 · CWE: CWE-787

View on NVD

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS: 7.5 · CWE: CWE-319

View on NVD

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

CVSS: 7.8 · CWE: CWE-502

View on NVD

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.

CVSS: 6.5 · CWE: CWE-669

View on NVD

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.

CVSS: 6.5 · CWE: CWE-669

View on NVD

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix for CVE-2026-35540.

CVSS: 7.2 · CWE: CWE-918

View on NVD

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor wa…

CVSS: 5.3 · CWE: CWE-200

View on NVD

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument cancelledBy/rescheduledBy causes information disclosure. The attack can be initiated remotely. The exploit has been publi…

CVSS: 5.3 · CWE: CWE-200

View on NVD

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-get-order` WC-AJAX endpoints in all versions up to, and including, 4.0.1. The `ppc-create-order` endpoint accepts an arbitrary WooCommerce order ID in the `pay-now` context without validating order o…

CVSS: 8.2 · CWE: CWE-862

View on NVD

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'export_settings' function. This function returns the REST API Secret Key to the attacker in the AJAX JSON response. An attacker who obtains this key can auth…

CVSS: 8.8 · CWE: CWE-269

View on NVD

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS: 5.3 · CWE: CWE-276

View on NVD

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract draft slider metadata including unpublished media URLs, captions, and slider configuration author…

CVSS: 4.3 · CWE: CWE-200

View on NVD

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.

CVSS: 5.7 · CWE: CWE-200

View on NVD

In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registered models, regardless of their permission level. The issue arises due to the absence of `SearchMode…

CVSS: 6.5 · CWE: CWE-284

View on NVD

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without validation (unlike the regular AnalyticsEndpoint, which checks against an allowlist), causing ORM Field Reference Injection. An authenticated workspace MEMBER can send GET /api/workspaces//saved-ana…

CVSS: 6.5 · CWE: CWE-943

View on NVD

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local File Inclusion. The function calls extract($_params_, EXTR_OVERWRITE) before the require statement that loads the view file. As a result, a caller-controlled _file_ key in the $params array overwrites the internal local variable specifyin…

CVSS: 7.4 · CWE: CWE-20

View on NVD

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution,…

CVSS: 8.1 · CWE: CWE-321

View on NVD

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS: 8.8 · CWE: CWE-29

View on NVD

NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS: 7.8 · CWE: CWE-502

View on NVD

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS: 7.5 · CWE: CWE-548

View on NVD

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, and product content.

CVSS: 5.3 · CWE: CWE-200

View on NVD

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without effective masking for low-privilege users. This makes it possible for authenticated attackers, with contributor-level ac…

CVSS: 4.3 · CWE: CWE-200

View on NVD

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.

CVSS: 8.0 · CWE: CWE-125

View on NVD

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

CVSS: 9.8 · CWE: CWE-288

View on NVD

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.

CVSS: 7.3 · CWE: CWE-288

View on NVD

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

CVSS: 7.5 · CWE: CWE-502

View on NVD

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

CVSS: 6.3 · CWE: CWE-502

View on NVD

NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

CVSS: 7.5 · CWE: CWE-502

View on NVD

Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

CVSS: 7.5 · CWE: CWE-200

View on NVD

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

CVSS: 7.5 · CWE: CWE-200

View on NVD

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

CVSS: 7.5 · CWE: CWE-200

View on NVD

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

CVSS: 8.6 · CWE: CWE-668

View on NVD

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling p…

CVSS: 6.5 · CWE: CWE-79

View on NVD

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect att…

CVSS: 5.9 · CWE: CWE-79

View on NVD

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open re…

CVSS: 5.9 · CWE: CWE-79

View on NVD

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect att…

CVSS: 5.9 · CWE: CWE-79

View on NVD

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template ex…

CVSS: 4.6 · CWE: CWE-1336

View on NVD

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials supplied as secrets, any failed frontend build can expose those secrets in clear text in CI logs and archiv…

CVSS: 1.6 · CWE: CWE-209

View on NVD

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can obtain an access token that should not be available. This vulnerability can also lead to the exposure of these access tokens…

CVSS: 7.1 · CWE: CWE-472

View on NVD

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, the client could bypass authorization checks. This allows the client to perform unauthorized GET,…

CVSS: 6.8 · CWE: CWE-639

View on NVD

A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) resource, to enumerate and harvest personally identifiable information (PII) for all realm users. By sending crafted requests with arbitrary usernames or email values, the endpoint returns full profile…

CVSS: 4.3 · CWE: CWE-1220

View on NVD

HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to exploit Path Traversal techniques to read arb…

CVSS: 7.5 · CWE: CWE-73

View on NVD

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILO_CONFIG_CONTENT can lead to information disclosure. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was c…

CVSS: 4.3 · CWE: CWE-200

View on NVD

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosur…

CVSS: 5.3 · CWE: CWE-200

View on NVD

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups,…

CVSS: 7.5 · CWE: CWE-863

View on NVD

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie, and other authentication mat…

CVSS: 5.8 · CWE: CWE-201

View on NVD

Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done.

CVSS: 8.1 · CWE: CWE-352

View on NVD

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the information of the file.

CVSS: 5.4 · CWE: CWE-79

View on NVD

An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash

CVSS: 6.9 · CWE: CWE-125

View on NVD