Search Results (10761 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-1196 1 Mineadmin 1 Mineadmin 2026-04-16 3.1 Low
A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-1197 1 Mineadmin 1 Mineadmin 2026-04-16 3.1 Low
A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in information disclosure. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-21524 1 Microsoft 1 Azure Data Explorer 2026-04-16 7.4 High
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-31837 1 Istio 1 Istio 2026-04-16 7.5 High
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.
CVE-2026-4338 3 Activitypub, Automattic, Wordpress 3 Activitypub, Activitypub, Wordpress 2026-04-16 7.5 High
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts
CVE-2026-2268 2 Kstover, Wordpress 2 Ninja Forms – The Contact Form Builder That Grows With You, Wordpress 2026-04-16 7.5 High
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater fields, which allows the resolution of `{post_meta:KEY}` merge tags without authorization checks. This makes it possible for unauthenticated attackers to extract arbitrary post metadata from any post on the site, including sensitive data such as WooCommerce billing emails, API keys, private tokens, and customer personal information via the `nf_ajax_submit` AJAX action.
CVE-2006-4223 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
CVE-2006-4136 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
CVE-2006-2384 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."
CVE-2006-1677 1 Maxdev 1 Md-pro 2026-04-16 N/A
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php.
CVE-2006-0861 1 Michael Salzer 1 Guestbox 2026-04-16 N/A
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog.
CVE-2005-3724 1 Zyxel 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone 2026-04-16 N/A
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
CVE-2005-3088 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-16 N/A
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-1754 2 Apache Tomcat, Sun 2 Apache Tomcat, Javamail 2026-04-16 N/A
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
CVE-2004-2748 1 Webtrends 1 Reporting Center 2026-04-16 N/A
viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.
CVE-2004-1923 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.
CVE-2003-1560 1 Netscape 1 Navigator 2026-04-16 N/A
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-1559 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-1555 1 Scoznet 1 Scozbook 2026-04-16 N/A
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.
CVE-2003-1553 1 Sips 1 Sips 2026-04-16 N/A
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory.