Skip to main content

Ransomlook

1 CVEs product

Monthly

CVE-2026-40584 MEDIUM PATCH This Month

RansomLook versions prior to 1.9.0 disclose non-public location information through an improper list-filtering logic error in the API layer. The vulnerability stems from removing elements from a list during iteration in website/web/api/genericapi.py, causing entries marked as private to persist in API responses. Unauthenticated remote attackers can retrieve sensitive location data that should remain hidden, with CVSS 6.9 indicating low confidentiality impact across the network.

Information Disclosure Ransomlook
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

RansomLook versions prior to 1.9.0 disclose non-public location information through an improper list-filtering logic error in the API layer. The vulnerability stems from removing elements from a list during iteration in website/web/api/genericapi.py, causing entries marked as private to persist in API responses. Unauthenticated remote attackers can retrieve sensitive location data that should remain hidden, with CVSS 6.9 indicating low confidentiality impact across the network.

Information Disclosure Ransomlook
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy