CWE-200: Information Exposure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
All Information Exposure CVEs (1,065)
CVE-2020-5676 is an information disclosure vulnerability in GROWI wiki software that allows remote attackers to access unauthorized information throug... (Dec 3, 2020)
This CVE-2019-1224 vulnerability allows remote attackers to read sensitive memory contents from Windows RDP servers, potentially exposing credentials ... (Aug 14, 2019)
This vulnerability in Azure Data Explorer allows unauthorized attackers to access sensitive information over the network. It affects organizations usi... (Jan 22, 2026)
This vulnerability in Atomberg Erica Smart Fan firmware allows attackers to send crafted deauthentication frames to extract sensitive information and ... (Jan 22, 2026)
This vulnerability in Strimzi Kafka Operator versions 0.47.0 through 0.49.0 creates an overly permissive Kubernetes Role that grants Kafka Connect and... (Dec 5, 2025)
A correctness error in liboqs' HQC key encapsulation mechanism causes incorrect shared secret generation during decapsulation with malformed ciphertex... (Dec 6, 2024)
This vulnerability in SAP Commerce Cloud's OCC API endpoints allows attackers to access sensitive PII data like passwords, email addresses, and coupon... (Aug 13, 2024)
CVE-2022-23633 is a data leakage vulnerability in Ruby on Rails Action Pack where response bodies may not be properly closed, causing thread local sta... (Feb 11, 2022)
Scrapy-splash versions before 0.8.0 expose authentication credentials to unintended targets when using HttpAuthMiddleware for Splash authentication. T... (Oct 5, 2021)
CVE-2020-35681 is an information disclosure vulnerability in Django Channels 3.x where the legacy channels.http.AsgiHandler class incorrectly separate... (Feb 22, 2021)
A vulnerability in Storybook versions 7.0.0 through 7.6.20, 8.0.0 through 8.6.14, 9.0.0 through 9.1.16, and 10.0.0 through 10.1.9 could expose sensiti... (Dec 17, 2025)
CVE-2024-0242 is an information exposure vulnerability in Johnson Controls IQ Panel4 and IQ4 Hub security panel software that could allow unauthorized... (Feb 8, 2024)
This vulnerability allows local attackers with root access on Android devices to bypass two-factor authentication in privacyIDEA Authenticator. By int... (Oct 27, 2025)
The Database Backup and check Tables Automated With Scheduler 2024 WordPress plugin exposes sensitive database credentials to authenticated administra... (Mar 1, 2025)
This vulnerability allows authenticated local users in ZimaOS to craft requests targeting internal IP addresses and services, potentially accessing HT... (Mar 2, 2026)
This CVE describes a privacy vulnerability in Apple operating systems where an app could potentially identify what other apps a user has installed, ex... (Feb 11, 2026)
This vulnerability allows applications to bypass certain privacy preferences on Apple operating systems, potentially accessing sensitive user data wit... (Feb 11, 2026)
The AuthKit library for React Router 7+ versions 0.6.1 and below exposes sensitive authentication artifacts (sealedSession and accessToken) by returni... (Aug 9, 2025)
GitProxy versions 1.19.1 and below allow attackers to inject hidden commits into Git packs sent to GitHub. These commits don't appear in branch histor... (Jul 30, 2025)
An information disclosure vulnerability in Mitel MiContact Center Business's legacy chat component allows unauthenticated attackers to access sensitiv... (Jun 24, 2025)
This CVE describes a privacy vulnerability where call history from deleted apps may still appear in Spotlight search results on iOS/iPadOS devices. Th... (May 12, 2025)
This vulnerability allows a malicious actor with local administrative privileges on a VMware virtual machine to read privileged information from hyper... (May 14, 2024)
This vulnerability in TYPO3 allows authenticated backend users to access files in the fallback storage via the File Abstraction Layer, potentially exp... (Feb 13, 2024)
This vulnerability allows authenticated SSH users on Bosch VMS systems to bypass authorization controls and access internal network resources through ... (Jun 15, 2023)
This vulnerability allows attackers to exploit indirect branch misprediction in Qualcomm chipsets to leak sensitive information from the kernel memory... (Jun 6, 2023)
Grafana's datasource query caching feature inadvertently caches session headers, allowing authenticated users to potentially acquire other users' sess... (Feb 3, 2023)
A local privilege escalation vulnerability in the Linux kernel's pfkey_register function allows unprivileged local users to access kernel memory. This... (Apr 29, 2022)
This vulnerability in wire-webapp (Wire's frontend) causes the app-lock passphrase to be unintentionally sent to the most recently used chat when the ... (Apr 2, 2021)
A race condition vulnerability in Windows Ancillary Function Driver for WinSock allows authenticated attackers to escalate privileges locally. This af... (Aug 12, 2025)
This vulnerability in JumpServer exposes the random number seed via API, allowing attackers to predict or replay verification codes used for password ... (Sep 27, 2023)
Raspberry Pi Imager 1.9.6 for Windows has a vulnerability where the public-key authentication setting persistently re-adds a user's id_rsa.pub key to ... (Nov 3, 2025)
Mercusys MW305R routers running firmware version 3.30 and below expose their TLS certificate private keys, allowing attackers to decrypt encrypted tra... (Sep 26, 2025)
Portainer Community Edition versions before STS 2.31.0 and LTS 2.27.7 contain an information disclosure vulnerability where HTTP headers (including au... (Jun 17, 2025)
Argo CD versions before v2.13.4, v2.12.10, and v2.11.13 expose Kubernetes Secret values in error messages and diff views when invalid Secret resources... (Jan 30, 2025)
This vulnerability in VMware Workspace One UEM allows attackers with network access to expose sensitive information. Organizations using affected vers... (Jun 27, 2024)
This vulnerability in Usta Information Systems Inc.'s Aybs Interaktif software allows attackers to bypass authentication, access sensitive information... (Oct 10, 2025)
The CNI portmap plugin versions 1.6.0-1.8.0 with nftables backend incorrectly forward all traffic on a host port to containers requesting HostPort for... (Dec 10, 2025)
This CVE describes an authorization flaw in OliveTin web interface that allows authenticated users with 'view: false' permission to enumerate action b... (Mar 6, 2026)
OpenEMR versions before 8.0.0 have an authorization bypass vulnerability in the FHIR CareTeam endpoint that allows patient-scoped tokens to access car... (Feb 25, 2026)
This vulnerability in FileBrowser Quantum allows unauthorized access to password-protected shared files. Anyone with a share link can bypass password ... (Feb 25, 2026)
Authenticated users in Apache Superset can exploit a disabled-by-default tagging feature to retrieve sensitive user data including password hashes and... (Feb 24, 2026)
An information disclosure vulnerability in HPE Aruba Networking 5G Core server API error handling allows unauthenticated remote attackers to obtain se... (Feb 17, 2026)
This CVE describes a macOS/iOS/iPadOS vulnerability where sandboxed applications can bypass security restrictions to access sensitive user data. The i... (Feb 11, 2026)
This vulnerability in Google Chrome's animation implementation allows attackers to create malicious HTML pages that can leak data across different web... (Feb 11, 2026)
This CVE describes an information disclosure vulnerability in Apache Airflow where authenticated users with access to specific DAGs can view import er... (Feb 9, 2026)
This vulnerability in Decidim's private data export feature allows UUID collisions that could lead to unauthorized access to sensitive user data. Orga... (Feb 3, 2026)
OpenEMR versions before 7.0.4 have an authorization bypass vulnerability where users without high-sensitivity privileges can view and modify clinical ... (Jan 28, 2026)
This vulnerability in Gitea allows users who have had their access to private repositories revoked to still view issue and pull request titles through... (Jan 22, 2026)
This vulnerability in Windows Shell allows an authorized attacker to access sensitive information and perform spoofing attacks over a network. It affe... (Jan 13, 2026)
The BetterDocs WordPress plugin exposes sensitive information including OpenAI API keys to authenticated users with contributor-level access or higher... (Jan 9, 2026)
About Information Exposure (CWE-200)
Our database tracks 1,065 CVEs classified as CWE-200, with 91 rated critical and 389 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.
External reference: View CWE-200 on MITRE CWE →