| CVE-2026-56139 |
2026-07-06 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component.
The camel-undertow HTTP server consumer exposes a muteException option that controls wha… |
| CVE-2026-49365 |
2026-07-06 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component.
The camel-netty-http HTTP server consumer exposes a muteException option that controls… |
| CVE-2026-53906 |
2026-07-01 |
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrar… |
| CVE-2026-56331 |
2026-06-30 |
Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns HTTP 500 instead of safe 4xx errors when magic_invite_string is invalid. Attackers can tr… |
| CVE-2025-36328 |
2026-06-30 |
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informa… |
| CVE-2026-47775 |
2026-06-26 |
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-… |
| CVE-2026-49979 |
2026-06-24 |
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values an… |
| CVE-2025-59872 |
2026-06-17 |
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a … |
| CVE-2026-47248 |
2026-06-12 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema met… |
| CVE-2026-40997 |
2026-06-11 |
Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through exception messages or callb… |
| CVE-2026-41730 |
2026-06-09 |
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.
Affected versions:
Spring Data REST 3.7.0… |
| CVE-2025-52611 |
2026-06-04 |
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Speci… |
| CVE-2025-52606 |
2026-06-04 |
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain … |
| CVE-2026-9794 |
2026-05-28 |
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced … |
| CVE-2026-42459 |
2026-05-27 |
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Dat… |
| CVE-2026-1248 |
2026-05-27 |
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. |
| CVE-2024-28765 |
2026-05-27 |
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message i… |
| CVE-2026-9583 |
2026-05-26 |
A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Ex… |
| CVE-2026-45728 |
2026-05-26 |
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly… |
| CVE-2026-5511 |
2026-05-19 |
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.
… |