CWE-200: Information Exposure

MikroTik RouterOS and SwOS expose their WebFig management interface over unencrypted HTTP by default, allowing attackers on the same network path to i...

The Docusaurus gists plugin versions before 4.0.0 expose GitHub Personal Access Tokens in client-side JavaScript bundles when configured with the toke...

This vulnerability in ownCloud's graphapi app exposes PHP configuration details (phpinfo) via a third-party library URL. When accessed, it reveals web...

This vulnerability in SQLpage allows attackers to retrieve database connection strings from publicly exposed instances, potentially gaining direct acc...

This vulnerability in Metabase allows attackers to exploit the custom GeoJSON map feature to perform local file inclusion attacks. By submitting malic...

ChurchCRM versions before 6.5.3 expose sensitive database credentials in error messages, allowing attackers to obtain database host, IP, username, and...

This CVE allows API tokens with project-level permissions in Argo CD to retrieve sensitive repository credentials (usernames, passwords) through the p...

This authentication bypass vulnerability allows low-privileged attackers to access NTLM hashes of service accounts on VSPC servers. Attackers could us...

This vulnerability in Argo CD exposes sensitive cluster secret data through the API. Users with 'clusters, get' RBAC permissions can access the full s...

CVE-2023-28444 is an information exposure vulnerability in angular-server-side-configuration where environment variables intended for backend services...

CVE-2022-24768 is an improper access control vulnerability in Argo CD that allows authorized users with specific permissions to escalate privileges to...

Known social publishing platform versions 1.6.2 and earlier contain a critical authentication bypass vulnerability where password reset tokens are exp...

This vulnerability in Google Chrome allows attackers who obtain network log files to potentially extract sensitive information due to insufficient pol...

This vulnerability exposes sensitive internal API documentation in BLUVOYIX, allowing unauthenticated attackers to craft HTTP requests that abuse inte...

An unauthenticated attacker can obtain device configuration files from vulnerable FortiFone systems by sending crafted HTTP/HTTPS requests. This affec...

The Export WP Page to Static HTML & PDF WordPress plugin exposes authentication cookies in publicly accessible cookies.txt files when administrators t...

The Meatmeet Android mobile app version 1.1.2.0 contains an exported activity that can be triggered by other apps, revealing a hidden page with inform...

This vulnerability allows remote attackers to gain root privileges and execute arbitrary code on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devic...

MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes an unauthenticated configuration endpoint that leaks sensitive information including database cred...

This vulnerability in QNAP Photo Station allowed unauthorized cryptocurrency mining (XMR mining) through security weaknesses. It affects QNAP NAS devi...

The AI Engine WordPress plugin exposes bearer tokens through an unauthenticated REST API endpoint when 'No-Auth URL' is enabled. This allows attackers...

This vulnerability allows a compromised web process to send malicious IPC messages that cause the privileged browser process to leak memory contents. ...

This vulnerability allows unauthenticated attackers to bypass authentication in the RestroPress WordPress plugin by exploiting exposed user tokens via...

Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive streaming and device configuration data through an unauthenticated Telnet service o...

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive configuration information via an unauthenticated Telnet service on port 9990. Attackers can gather ...

OPSI versions before 4.3 allow any client to access ProductPropertyState data belonging to other clients, potentially exposing sensitive information l...

ESPEC North America Web Controller 3 versions before 3.3.4 expose JWT secrets when receiving invalid authentication requests at /api/v4/auth/. This al...

This vulnerability allows attackers who gain access to Marbella KR8s Dashcam FF devices (via default/weak passwords) to download all video and audio r...

This CVE describes a permissions issue in Apple operating systems that allows applications to fingerprint users. The vulnerability affects macOS, iPad...

This vulnerability allows malicious applications to read kernel memory on macOS systems, potentially exposing sensitive system information. It affects...

This vulnerability in wolfSSL's OpenSSL compatibility layer causes predictable random number generation after fork() operations, potentially leading t...

CVE-2023-47029 is a critical vulnerability in NCR Terminal Handler v1.5.1 that allows remote attackers to execute arbitrary code and access sensitive ...

This vulnerability in Microsoft Power Automate allows unauthorized attackers to access sensitive information over a network, potentially leading to pr...

This vulnerability in Adept programming language's GitHub workflow exposes the GITHUB_TOKEN in uploaded artifacts, allowing attackers to extract it an...

A data exposure vulnerability in macOS Messages allows user contact information to leak into system logs when deleting conversations. This affects mac...

This vulnerability allows an app to enumerate a user's installed applications without proper authorization. It affects Apple devices running vulnerabl...

This CVE describes a macOS privacy vulnerability where applications could access unprotected user data stored in insecure locations. The issue affects...

A macOS vulnerability allows malicious applications to bypass symlink protections and access protected user data. This affects macOS Ventura, Sequoia,...

A state management vulnerability in macOS allows malicious applications to bypass file access restrictions and read arbitrary files on the system. Thi...

This vulnerability in macOS allows malicious applications to bypass security restrictions and access protected user data without proper authorization....

A macOS vulnerability in the Messages app where deleting conversations may expose user contact information in system logs. This affects users running ...

This CVE describes an information disclosure vulnerability in Apple operating systems where an app can determine a user's current location without pro...

Tolgee localization platform versions 3.81.1 and earlier expose all configuration properties publicly through PublicConfigurationDTO, allowing unauthe...

This CVE describes an information exposure vulnerability where credentials can be leaked when an attacker has network access to the application over H...

CVE-2024-6633 exposes default credentials for the HSQL database in FileCatalyst Workflow, allowing attackers to compromise the database if it remains ...

This vulnerability in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows remote attackers to extract sensitive information through cookie parame...

CVE-2024-6407 is a critical information disclosure vulnerability in Schneider Electric devices that allows attackers to extract credentials by sending...

CVE-2024-37113 is an unauthenticated database backup download vulnerability in the WishList Member X WordPress plugin. It allows attackers without cre...

CVE-2024-4300 is a critical information disclosure vulnerability in E-WEBInformationCo. FS-EZViewer(Web) that exposes database configuration files con...

Jizhicms v2.5 contains an arbitrary file download vulnerability in the admin plugin controller that allows attackers to download any file from the ser...