Information Disclosure

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused. No vendor patch available.

libsoup's improper validation of HTTP Range headers enables remote attackers to read sensitive server memory when processing specially crafted requests against vulnerable SoupServer instances. The flaw affects GNOME-based systems using certain build configurations and requires no authentication or user interaction. No patch is currently available, and exploitation likelihood remains low at 0.1% EPSS.

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. [CVSS 6.5 MEDIUM]

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication.

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface.

WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. [CVSS 7.3 HIGH]

ClamAV versions up to 0.103.0 contains a vulnerability that allows attackers to manipulate bytecode function names (CVSS 8.4).

Dokuwiki versions up to 2018-04-22b contains a vulnerability that allows attackers to identify valid user accounts (CVSS 5.3).

Directus versions before 11.14.1 contain a timing-based side-channel vulnerability in the password reset function that allows unauthenticated attackers to enumerate valid user accounts by measuring response time differences when submitting invalid reset URLs. The approximately 500ms variance between responses for existing versus non-existing users enables reliable, remote user discovery without authentication. A patch is available in version 11.14.1 and later.

Unsalted MD5 password hashing in newbee-mall. Combined with hardcoded credentials (CVE-2026-26218), passwords are trivially crackable. PoC available.

p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server [CVSS 7.5 HIGH]

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. [CVSS 8.4 HIGH]

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. [CVSS 5.3 MEDIUM]

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. [CVSS 6.5 MEDIUM]

Grafana public dashboards with annotations enabled fail to enforce the dashboard's locked timerange restriction on annotation queries, allowing unauthenticated attackers to retrieve the complete annotation history beyond the intended viewing window. This information disclosure affects any organization exposing public dashboards with annotations, though only annotations already visible on the dashboard are accessible. No patch is currently available for this vulnerability.

Dell Update Package Framework versions 23.12.00 through 24.12.00 suffers from improper privilege handling that allows local attackers with low-level user accounts to escalate their privileges on affected systems. An attacker with interactive access could exploit this vulnerability to gain elevated permissions, potentially compromising system integrity and confidentiality. No patch is currently available for this high-severity vulnerability.

Deleted notes on affected Apple iOS and iPadOS devices remain accessible due to improper state management, allowing unauthenticated remote attackers to discover sensitive deleted content without user interaction. This information disclosure vulnerability affects iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5, with no patch currently available for earlier versions.

Sandboxed applications on Apple platforms (macOS Tahoe, Sonoma, Sequoia, iOS, and iPadOS) can bypass app state observability restrictions to access sensitive user data. A local attacker with app execution privileges could exploit this information disclosure vulnerability to observe data from other applications. Patches are available in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5, and iPadOS 18.7.5.

Unauthorized access to sensitive user data in iOS and iPadOS results from improper state management in authorization checks, allowing local applications to bypass access restrictions. This medium-severity vulnerability affects Apple iOS/iPadOS users running versions prior to 18.7.5 and 26.3, with no patch currently available. A malicious app with user permissions could extract confidential information without additional user interaction.

Mail content filtering bypass in Apple macOS, iOS, and iPadOS allows remote content to load in message previews despite user-disabled remote content settings. An attacker can exploit this logic flaw to track user engagement or deliver malicious content that bypasses the intended privacy protection. Patches are available in macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, and macOS Sonoma 14.8.4.

Sandbox escape in Apple macOS, iOS, and watchOS allows local authenticated attackers to break out of application sandboxes and gain unauthorized access to system resources and other applications' data. The vulnerability stems from insufficient validation logic in sandbox enforcement mechanisms, enabling privilege escalation with high impact on confidentiality, integrity, and availability across affected devices. No patch is currently available.

The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. [CVSS 3.3 LOW]

Insufficient data redaction in Apple's logging mechanisms across macOS, iOS, watchOS, and tvOS allows unauthenticated attackers to view sensitive user information without user interaction. This network-accessible vulnerability affects multiple Apple platforms and products with a CVSS score of 7.5. Patches are available in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.

Installed application enumeration in Apple operating systems (macOS, iOS, iPadOS, tvOS, visionOS, watchOS) allows local applications to discover what other apps a user has installed through insufficient privacy controls. An attacker can exploit this through a malicious app to profile a user's installed software without explicit permission. This vulnerability affects multiple Apple platforms and requires user interaction to execute a malicious application.

Memory disclosure in Apple's image processing across macOS, iOS, iPadOS, tvOS, and visionOS allows local attackers with user interaction to leak sensitive process memory by submitting a specially crafted image file. The vulnerability requires no elevated privileges and affects multiple Apple operating system versions, with fixes available in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, and corresponding iOS/iPadOS updates. An attacker could exploit this to extract confidential data from running processes on the targeted device.

Insufficient validation of environment variables in Apple's macOS, iOS, iPadOS, and visionOS allows local applications to read sensitive user data without user interaction. An attacker with the ability to run code on the affected device could exploit this to access confidential information through improperly sanitized environment variable handling. A patch is not currently available for this medium-severity vulnerability.

Local attackers can exploit an out-of-bounds read vulnerability in macOS and Linux systems to crash the kernel or leak sensitive kernel memory, affecting macOS Sequoia 15.7.3 and earlier, macOS Tahoe 26.2 and earlier, and macOS Sonoma 14.8.3 and earlier. The vulnerability requires local access but no special privileges or user interaction to trigger. No patch is currently available for this HIGH severity issue.

Unprivileged local users can exploit a race condition in Apple's operating systems (macOS, iOS, iPadOS, tvOS, and visionOS) to escalate privileges to root through improper state handling during concurrent operations. This vulnerability affects multiple OS versions and requires local access with low privileges to trigger, making it exploitable by malicious applications or local attackers. No patch is currently available for this vulnerability.

Unauthorized data access in macOS Sequoia, Tahoe, and Sonoma allows locally-installed applications to read sensitive user information due to insufficient privacy validation checks. An attacker with the ability to install or control an application on an affected system can exploit this to access confidential data without user consent. A patch is currently unavailable for this medium-severity vulnerability.

Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. No patch is currently available for this vulnerability.

Memory handling vulnerabilities across Apple's macOS, iOS, and iPadOS platforms allow local attackers to trigger denial-of-service conditions or leak sensitive memory contents by processing specially crafted files. The vulnerability requires user interaction and local access, affecting multiple OS versions with patches available across the Apple ecosystem. CVSS 4.4 (Medium) severity reflects the limited attack surface and lack of remote exploitability.

Applications on Apple macOS and iOS platforms can circumvent user privacy preferences through a code execution vulnerability affecting multiple OS versions including Tahoe 26.3, Sonoma 14.8.4, Sequoia 15.7.4, and iOS 18.7.5. A local attacker with user interaction can exploit this to access sensitive user data or modify system settings protected by privacy controls. The vulnerability requires patching through official OS updates, as no workaround is currently available.

Keras versions 3.0.0 through 3.13.1 are vulnerable to arbitrary file read through malicious .keras model files that abuse HDF5 external dataset references, enabling unauthenticated remote attackers to disclose sensitive local files. This high-severity vulnerability affects all supported platforms and currently has no available patch. An attacker can exploit this by crafting a specially formatted model file that, when loaded by a Keras application, reads arbitrary files from the system.

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 7.5 HIGH]

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]

Avideo versions up to 8.1 contains a vulnerability that allows attackers to enumerate user details through the playlistsFromUser (CVSS 7.5).

Astpp versions up to 4.0.1 is affected by insertion of sensitive information into externally-accessible file (CVSS 7.5).

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. [CVSS 7.5 HIGH]

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function. [CVSS 5.3 MEDIUM]

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. [CVSS 5.3 MEDIUM]

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. [CVSS 7.5 HIGH]

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options [CVSS 7.5 HIGH]

MiniGal Nano 0.3.5 and earlier are vulnerable to a path traversal attack in the dir parameter that bypasses insufficient dot-dot sequence filtering, allowing unauthenticated remote attackers to access and enumerate image files from arbitrary filesystem locations readable by the web server. This results in confidential information disclosure from unintended directories. No patch is currently available.

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches.

Unauthenticated web shell in METIS DFS devices (versions <= oscore 2.1.234-r18). Same vulnerability as CVE-2026-2248 but on DFS product line.

Unauthenticated web shell in METIS WIC devices (versions <= oscore 2.1.234-r18). The /console endpoint provides shell access without authentication. First of two related METIS CVEs.

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. [CVSS 7.8 HIGH]

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. [CVSS 7.5 HIGH]

An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]

An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. [CVSS 5.5 MEDIUM]

Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025. [CVSS 8.3 HIGH]

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. [CVSS 8.2 HIGH]

Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data.

Unprivileged users with Event Log Reader privileges can extract proxy server credentials and URLs from PI to CONNECT event logs, potentially enabling unauthorized proxy access. This local information disclosure affects systems where such log access is granted to low-privileged accounts. No patch is currently available.

Memory disclosure in Substance 3D Modeler 1.22.5 and earlier through an out-of-bounds read allows attackers to expose sensitive information when victims open specially crafted files. The vulnerability requires user interaction but no special privileges, making it accessible to local attackers with access to craft malicious documents. Currently no patch is available, and exploitation could reveal confidential data stored in process memory.

Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.