CVE-2025-36051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user.
CVE-2025-52642
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in fur…
CVE-2016-20024
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 director…
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz…
CVE-2025-12059
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…
CVE-2025-12699
The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content…
CVE-2025-36058
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow…
CVE-2026-23838
Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `ME…
CVE-2025-61138
Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.
CVE-2021-4471
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory…
CVE-2016-15056
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next…
CVE-2025-11891
The Shelf Planner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially…
CVE-2025-46602
Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this…
CVE-2025-57734
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
CVE-2025-8452
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the f…
CVE-2024-51977
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /…
CVE-2025-20665
In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for…
CVE-2025-31421
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin srbtranslatin allows Retrieve Embedded Sensitive Data.This issue affects Srbtranslatin: from n/a through
CVE-2025-31558
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress tailpress allows Retrieve Embedded Sensitive Data.This issue affects TailPress: from n/a through
CVE-2025-31550
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3.