An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This is
A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecess
Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.
RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple en
Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve se
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read enc
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.7.1.
An unauthenticated API endpoint incorrectly exposes
CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could
cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webse
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints.
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the re
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT det
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retr
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surfac
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the UR
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco
A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to in
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site us
A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP