WhisperX tag archive

#information-disclosure

This page collects WhisperX intelligence signals tagged #information-disclosure. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (9)

The Lab · 2026-03-27 23:27:12 · GitHub Issues

1. GitHub Issue: Backend Error Handler Leaks `err.message` in Production, Exposing Internal Data

A critical information disclosure vulnerability has been identified in a backend application's global error handler. The middleware in `backend/src/middleware/auth.ts` is configured to always include the raw `err.message` in HTTP 500 responses, regardless of whether the application is running in a production environmen...

The Lab · 2026-03-29 01:26:50 · GitHub Issues

2. SECURITY: Critical Internal Error Leak Exposes Stack Traces & Infrastructure Details to HTTP Clients

A critical security flaw in multiple authentication handlers is leaking raw internal error messages, including stack traces and infrastructure details, directly to end-user HTTP clients. This exposure transforms routine server errors into a potential reconnaissance tool, revealing implementation specifics that could be...

The Lab · 2026-03-30 23:27:08 · GitHub Issues

3. Critical Security Gap in MCP Stdio Probe: Missing Tool-Risk, Info-Disclosure, and Internal-URI Scans

A significant security vulnerability has been identified in the `verifyMcpEndpointStdio` function within the codebase. This function, responsible for probing stdio-based Model Context Protocol (MCP) endpoints, lacks three critical security analysis passes that are standard in other probe paths, creating a dangerous inc...

The Lab · 2026-04-23 08:54:09 · GitHub Issues

4. SOAR MCP Integration Leaks Internal API URLs Through Error Messages, Aiding Reconnaissance

A security researcher has identified an information disclosure vulnerability in the SOAR (Security Orchestration, Automation and Response) MCP (Model Context Protocol) integration, where failed API calls return error messages containing full internal REST API URLs. The flaw exposes the SOAR platform's hostname and exac...

The Lab · 2026-04-23 09:54:15 · GitHub Issues

5. API Security Flaw Exposes Internal Invite UUIDs in Duplicate Invite Error Responses

A low-severity security vulnerability in the organization's invitation API allows internal invite identifiers to be exposed through error responses. When the system detects a duplicate invite attempt for an email address that already carries a pending invite within the same organization, the API returns the existing in...
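Signals 1, 2, 4 and 5 above share one defect class: an error path copies something internal (the raw `err.message`, a stack trace, an upstream API URL, the id of an existing record) into the HTTP response. The block below is an added example written for this archive page, not code from any of the projects those signals describe. It shows the leaky handler next to a hardened one for an Express-style backend; the `Req`/`Res` interfaces are minimal stand-ins for Express's objects (the `(err, req, res, next)` signature is assumed, nothing else from Express is used), and `HttpError`, `redactUrls`, the sample error messages and the invite id are all constructed for illustration.

```typescript
// Added example (not code from any project in the signals above): an Express-style
// error handler that leaks err.message / stack / upstream URLs, beside a hardened one.
// Req/Res are minimal stand-ins for Express's request and response objects
// (assumption: the real handler would be registered with app.use(handler)).

import { randomUUID } from "node:crypto";

export type Env = "production" | "development" | "test";

export interface Req { method: string; path: string }
export interface Res {
  statusCode: number;
  body: unknown;
  status(code: number): Res;
  json(payload: unknown): Res;
}

// Errors the application raises on purpose carry an HTTP status and a message
// that is safe for the caller; any other Error is treated as unexpected.
export class HttpError extends Error {
  readonly status: number;
  readonly publicMessage: string;
  constructor(status: number, publicMessage: string, internalDetail?: string) {
    super(internalDetail ?? publicMessage); // .message keeps the internal detail for the log
    this.name = "HttpError";
    this.status = status;
    this.publicMessage = publicMessage;
  }
}

// Upstream hostnames, ports and paths arrive verbatim in HTTP-client errors
// ("request to https://soar.internal:8443/api/v1/... failed"). Strip every URL
// from any message that is allowed to leave the process.
const URL_RE = /\b[a-z][a-z0-9+.-]*:\/\/[^\s"'<>]+/gi;
export function redactUrls(message: string): string {
  return message.replace(URL_RE, "[redacted-url]");
}

export interface ErrorBody { error: string; requestId: string; detail?: string }
export interface Logger { error(entry: Record<string, unknown>): void }

// The VULNERABLE shape: raw message and stack to every caller, in every environment.
export function leakyErrorHandler(err: Error, _req: Req, res: Res, _next?: () => void): void {
  res.status(500).json({ error: err.message, stack: err.stack });
}

// Hardened: the client gets a stable generic message plus a correlation id;
// message, stack and route go to the server-side log keyed on that same id.
export function makeErrorHandler(env: Env, log: Logger) {
  return function errorHandler(err: unknown, req: Req, res: Res, _next?: () => void): void {
    const requestId = randomUUID();
    const e = err instanceof Error ? err : new Error(String(err));
    const status = e instanceof HttpError ? e.status : 500;
    log.error({ requestId, method: req.method, path: req.path, status, message: e.message, stack: e.stack });
    const body: ErrorBody = {
      error: e instanceof HttpError ? e.publicMessage : "Internal server error",
      requestId,
    };
    if (env !== "production") body.detail = redactUrls(e.message); // local debugging only
    res.status(status).json(body);
  };
}

// Response stand-in that records what the handler would have sent.
export function makeRes(): Res {
  const res: Res = {
    statusCode: 200,
    body: undefined,
    status(code) { res.statusCode = code; return res; },
    json(payload) { res.body = payload; return res; },
  };
  return res;
}

// Constructed sample errors: an upstream call that failed (URL in the message)
// and a duplicate invite whose existing id must stay server-side.
export const EXISTING_INVITE_ID = "11111111-2222-4333-8444-555555555555";
export function demo(env: Env) {
  const entries: Record<string, unknown>[] = [];
  const handler = makeErrorHandler(env, { error: (entry) => { entries.push(entry); } });
  const req: Req = { method: "POST", path: "/api/orgs/acme/invites" };
  const upstream = makeRes();
  handler(new Error("request to https://soar.internal:8443/api/v1/incidents failed, reason: connect ECONNREFUSED"), req, upstream);
  const duplicate = makeRes();
  handler(new HttpError(409, "An invitation for this address is already pending",
                        `duplicate invite; existing invite ${EXISTING_INVITE_ID}`), req, duplicate);
  return { upstream, duplicate, entries };
}

// Stand-alone run: show what each environment would send to the client.
for (const env of ["production", "development"] as const) {
  console.log(env, JSON.stringify(demo(env).upstream.body));
}
```

Running it prints the production body (generic message and `requestId` only) next to the development body, whose `detail` carries the original message with the upstream URL replaced. The correlation id is the piece that makes the generic message workable in operations: support staff grep the log for the id the user reports and get the full message, stack and route that the client never saw. The `HttpError` split between `publicMessage` and the internal `message` is what keeps the existing invite id (signal 5) in the log rather than in the 409 body.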

The Lab · 2026-05-07 05:31:38 · GitHub Issues

6. WordPress Plugin Flaw Exposes Admin Security Notices to Any Subscriber-Level User

A critical access control failure in a WordPress plugin allows any authenticated user with Subscriber privileges to retrieve all admin-level notices, including those containing sensitive security information. The vulnerability, cataloged as [VULN-1-001], exposes plugin vulnerability alerts, failed login summaries, data...

The Lab · 2026-05-07 09:31:44 · GitHub Issues

7. Critical Information Disclosure Flaw Found in Apache Tomcat JsonAccessLogValve — Patch to 9.0.116 Required

A high-severity information disclosure vulnerability has been identified in Apache Tomcat's JsonAccessLogValve component, stemming from improper encoding of logged data. The flaw allows an attacker to potentially access sensitive information through manipulated HTTP requests that exploit how access logs are formatted a...

The Lab · 2026-05-07 23:31:39 · GitHub Issues

8. BentoML Patches Critical Symlink Traversal Flaw in Build Pipeline via Security Update to v1.4.39

BentoML has released version 1.4.39 as a security-patched update addressing a critical information disclosure vulnerability tracked as CVE-2026-40610 (GHSA-mcfx-4vc6-qgxv). The flaw resides in the `bentoml build` packaging workflow, where an attacker-controlled symlink traversal within the build context could enable un...

The Lab · 2026-05-13 07:48:29 · GitHub Issues

9. Appsmith OpenAPI Documentation Exposed to Unauthenticated Users Before Security Patch

Appsmith shipped a security fix addressing an information disclosure vulnerability that allowed any unauthenticated network user to access complete OpenAPI documentation for the platform. The flaw, tracked as GHSA-v6jh-fx3m-7xhw, earned a CVSS score of 5.3 (medium) and maps to CWE-200 (Exposure of Sensitive Information...