Search Vulnerabilities

Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update

RustFS: Unauthenticated RustFS console license endpoint exposes license metadata

Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint

PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page

FacturaScripts: Unauthenticated phpinfo() Disclosure via Installer Endpoint in FacturaScripts

Budibase: Snowflake private key returned unmasked from datasource API to BASIC users

FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret

IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerability

SourceCodester CET Automated Grading System with AI Predictive Analytics SQL index.php information exposure

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which...

NousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosure

calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure

authentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/

Sanitize team member data returned by API

Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint

Information disclosure vulnerability in ZTE MU5250

Concrete 9.5.0 and below has file usage disclosure via missing permission check in Usage controller

Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header

Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'