Tag: information disclosure
All the articles with the tag "information disclosure".
- [CVE-2025-11368] LearnPress REST Endpoint Leaks Quiz Answers and Other Confidential Course Content
  A missing capability check in a LearnPress REST route lets anyone harvest curriculum HTML, quiz questions and their correct answers without logging in.
- [CVE-2025-64502] Parse Server Leaks MongoDB Query Plans to Anyone Without a Master Key
  All Parse Server releases before 8.5.0-alpha.5 accept the `explain` flag on any query, even when no master key is provided. That single flag exposes index definitions, execution time estimates and other metadata that make privilege-escalation and performance-degradation attacks much easier.
- [CVE-2025-62792] Wazuh Buffer Over-Read Lets Compromised Agents Sneak a Peek at Manager Memory
  A flaw in Wazuh’s expression-matching routine lets a rogue or already-compromised agent read past the end of a heap buffer on the manager. While the bug stops short of code execution, it can leak log data or configuration secrets that help attackers move laterally.
- [CVE-2025-54571] ModSecurity Content-Type Confusion Exposes Script Source and Enables Stored XSS
  For more than a decade ModSecurity has sat between Apache and the open internet. A subtle error in its error-handling path lets attackers override the Content-Type header after a parsing failure, resulting in plain-text leakage of protected scripts and reliable cross-site scripting in every version up to 2.9.11.