#information-disclosure

[ follow ]
#remote-code-execution #linux-kernel #local-privilege-exploitation #openssh #cve-2026-46333
Information security
fromZDNET
1 week ago

The 4th Linux kernel flaw this month can lead to stolen SSH host keys

Linux kernel flaw ssh-keysign-pwn enables ordinary users to read sensitive files like SSH host private keys and the shadow password file.
Information security
fromThe Hacker News
2 months ago

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

CISA added CVE-2025-47813, a medium-severity information disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities catalog due to active exploitation evidence.
Relationships
fromPsychology Today
2 months ago

'I Really Don't Want to Hear This'

Managing privacy in relationships requires thoughtful decisions about what information to share or withhold, balancing respect for others' privacy with relationship dynamics.
Information security
fromThe Hacker News
4 months ago

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Multiple critical command-injection and information-disclosure vulnerabilities in Coolify allow authenticated or low-privileged users to achieve remote code execution, container escape, and root compromise.
Information security
fromThe Hacker News
4 months ago

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Authenticated administrative users can exploit an XML parsing flaw in Cisco ISE/ISE-PIC licensing to read arbitrary operating-system files.
Information security
fromThe Hacker News
5 months ago

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

React Server Components contain vulnerabilities allowing pre-auth DoS and possible Server Function source-code disclosure; update to versions 19.0.3, 19.1.4, or 19.2.3.
fromTryton Discussion
6 months ago

Security Release for issue #14354

Mahdi Afshar and Abdulfatah Abdillahi have found that trytond sends the trace-back to the clients for unexpected errors. This trace-back may leak information about the server setup. Impact CVSS v3.0 Base Score: 4.3 Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None Workaround A possible workaround is to configure an error handler which would remove the trace-back from the response. Resolution All affected users should upgrade trytond to the latest version.
Information security
Information security
fromThe Hacker News
6 months ago

ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Digital vulnerabilities now translate into real-world harm as scams, rented cyber violence, and compromised apps turn digital weaknesses into physical, economic, and political threats.
fromThe Hacker News
8 months ago

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

CVE-2025-53693 - HTML cache poisoning through unsafe reflections CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization CVE-2025-53694 - Information Disclosure in ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach Patches for the first two shortcomings were released by Sitecore in June and for the third in July 2025, with the company stating that "successful exploitation of the related vulnerabilities might lead to remote code execution and non-authorized access to information."
Information security
[ Load more ]