| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file.
This vulnerability is due to insufficient masking of sensitive information before it is written to system log files. An attacker could exploit this vulnerability by accessing logs on an affected system. A successful exploit could allow the attacker to view sensitive information that should be restricted. |
| IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. |
| IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. |
| IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. |
| IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. |
| Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
| Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. |
| A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames. |
| Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine valid usernames and circumvent rate-limiting or blocking mechanisms. Any organization running a publicly accessible Kanboard instance is affected, especially if relying on IP-based protections like Fail2Ban or CAPTCHA for login rate-limiting. Attackers with access to the login page can exploit this flaw to enumerate valid usernames and bypass IP-based blocking mechanisms, putting all user accounts at higher risk of brute-force or credential stuffing attacks. Version 1.2.46 contains a patch for the issue. |
| Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become unresponsive. This flaw stems from improper input validation in the server’s UDP packet handler, allowing unauthenticated remote attackers to disrupt service availability. |
| The vulnerability, if exploited, could allow an authenticated miscreant
(with privileges to access publication targets) to retrieve sensitive
information that could then be used to gain additional access to
downstream resources. |
| claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data. The issue has been patched in v1.0.34. |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. |
