The Lab · 2026-03-26 20:27:24 · GitHub Issues
An information disclosure vulnerability rated HIGH severity has been identified across all Lambda functions in a large codebase: error messages expose detailed system internals to callers. The flaw lets attackers gather significant reconnaissance data, including full stack traces, internal file paths,...
The Lab · 2026-03-27 06:27:03 · GitHub Issues
A high-severity security vulnerability has been identified within the `getsentry/sentry-javascript` repository, stemming from the `fast-xml-parser` dependency. The flaw, classified as conditionally reachable, poses a significant risk of information disclosure. The exact technical details of the vulnerability are being ...
The Lab · 2026-03-29 18:26:58 · GitHub Issues
An automated security scan has flagged a Ruby on Rails application for failing to log security events, an oversight that could blind administrators to malicious activity. The finding, classified by the scanner as an Information Disclosure risk with MEDIUM severity, is rooted in a single line of code within ...
The Lab · 2026-03-29 19:26:59 · GitHub Issues
An automated security scan has exposed a potentially significant oversight in a live Rails application. The RSOLV security scanner identified a single, medium-severity information disclosure vulnerability within the `arubis/sample_rails_app` repository, pinpointing a failure in security event logging that could cripple...
The Lab · 2026-04-05 21:27:02 · GitHub Issues
A high-severity security vulnerability has been identified where error messages in an application's code explicitly reveal the expected format for Anthropic API keys. The disclosure tells an attacker exactly what a valid key looks like, which is useful intelligence when searching for leaked keys or crafting targeted attacks.
The vulnerability is located in the `src/servic...
The Lab · 2026-04-06 15:27:10 · GitHub Issues
A critical security vulnerability has been identified in the RPC layer of a software system, where raw, detailed database error messages are being directly returned to untrusted remote callers. The flaw resides in the `handle` function within the `crates/rpc/src/methods/get_transactions.rs` file. When a database operat...
The Lab · 2026-04-12 17:22:38 · GitHub Issues
A critical security flaw in Vite's development server allows attackers to bypass file access restrictions and retrieve sensitive files like environment variables and certificates. The vulnerability, present in versions 7.1.0 through 7.3.1 and 8.0.4, enables unauthorized access to files explicitly blocked by the `server...
The Lab · 2026-04-12 21:22:34 · GitHub Issues
Logixlysia, a software platform, has a critical information disclosure vulnerability that writes sensitive data directly into its logs. The logging mechanism passes entire error objects to console output, log files, and external logging services without any sanitization or filtering. This flaw means any...
The Lab · 2026-04-16 20:22:55 · GitHub Issues
A third-party security scan has flagged an information disclosure weakness on the official government websites for the City of Miamisburg. The sites `cityofmiamisburg.com` and `playmiamisburg.com`, both powered by the ProudCity platform, return the `X-Powered-By: PHP/8.2.30` header in all HTTP re...
The Lab · 2026-04-17 14:23:12 · GitHub Issues
A security vulnerability in Finnet's codebase exposed internal server file paths to users via HTTP error messages. The flaw, tracked internally as IFN-03-002, revealed detailed directory structures and system layouts in error responses and logs, providing ...
The Lab · 2026-04-21 11:22:47 · GitHub Issues
A recent security patch for an IBM internal system reveals a significant information disclosure vulnerability. During a penetration test, security teams discovered that overly verbose API error messages were leaking critical implementation details. These details, including database schema, specific constraints, and int...
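Several of the entries above (the Lambda stack traces, the RPC layer returning raw database errors, the Logixlysia logs, the Finnet file paths, and the IBM API error messages) share one root cause: the exception that the server sees is handed, unfiltered, to the caller or the log sink. The following example is added here and is not code from any of the projects summarised; it contrasts a leaky handler with one that returns an opaque message plus a correlation ID to the caller and keeps a redacted copy for the server-side log. The `DatabaseError` class, the sample failure text, the `req-0001` correlation ID and the redaction patterns are all constructed for the illustration.

```python
"""Leaky vs. sanitized error handling (added illustration, not project code)."""
import re
import traceback
import uuid


class DatabaseError(Exception):
    """Stand-in for a driver exception whose message carries schema detail."""


def failing_query():
    # Constructed sample failure: names a table, a constraint, a config path
    # and a credential, the kinds of detail the summaries above describe leaking.
    raise DatabaseError(
        "UNIQUE constraint failed: users.email "
        "(config loaded from /srv/app/config/database.yml, "
        "api_key=sk-live-example-do-not-use)"
    )


def leaky_error_response(exc):
    """The 'before': hands the caller the exception text and the stack trace."""
    return {"error": str(exc), "trace": traceback.format_exc()}


# Redactions applied to anything that goes to a log sink. The patterns are
# assumptions for this example: a key=value credential and an absolute path.
_REDACTIONS = [
    (re.compile(r"(?i)(api[_-]?key|token|password|secret)\s*[=:]\s*\S+"),
     r"\1=[REDACTED]"),
    (re.compile(r"(?<![\w-])/(?:[\w.-]+/)*[\w.-]+"), "[PATH]"),
]


def redact(text):
    for pattern, replacement in _REDACTIONS:
        text = pattern.sub(replacement, text)
    return text


def safe_error_response(exc, request_id=None):
    """The 'after': the caller gets an opaque message and a correlation ID;
    the redacted detail and trace go only to the server-side log record."""
    request_id = request_id or uuid.uuid4().hex
    server_log = {
        "request_id": request_id,
        "exception": type(exc).__name__,
        "detail": redact(str(exc)),
        "trace": redact(traceback.format_exc()),
    }
    client_body = {"error": "internal error", "request_id": request_id}
    return client_body, server_log


def handle(handler, request_id="req-0001"):
    """Run a handler and return (leaky_response, (client_body, server_log))
    so the two strategies can be compared on the same exception."""
    try:
        handler()
    except DatabaseError as exc:
        return leaky_error_response(exc), safe_error_response(exc, request_id)
    return None


if __name__ == "__main__":
    leaky, (client, log) = handle(failing_query)
    print("leaky:", leaky["error"])
    print("client:", client)
    print("server log detail:", log["detail"])
```

The correlation ID is what lets an operator join the caller's report to the full server-side record, so the client message can stay generic without losing debuggability. Redaction runs before the log call, not after, because once the raw error object reaches a console or an external logging service the data is already out of the application's control.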