CWE-200: Information Exposure

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Total CVEs: 1,066
Critical: 92
High: 389
Avg CVSS: 6.5
In CISA KEV: 2

Yearly Trend

2026: 133
2025: 470
2024: 275
2023: 92
2022: 41

Top Affected Vendors

1 Apple 81
2 Microsoft 46
3 Huawei 34
4 Apache 25
5 Oracle 19
6 Google 15
7 Debian 12
8 Splunk 9
9 Mozilla 9
10 Netgear 8

All Information Exposure CVEs (1,066)

CVE-2025-14980
6.5

The BetterDocs WordPress plugin exposes sensitive information including OpenAI API keys to authenticated users with contributor-level access or higher...

Jan 9, 2026
CVE-2025-68436
6.5

This vulnerability allows authenticated users on Craft CMS installations to expose sensitive assets through maliciously crafted requests targeting use...

Jan 5, 2026
CVE-2025-67732
6.5

Dify versions before 1.11.0 expose API keys in plaintext to frontend users, allowing non-administrators to view and potentially misuse them. This vuln...

Jan 5, 2026
CVE-2025-15033
6.5

A vulnerability in WooCommerce allows logged-in customers to access guest customer order data on sites with specific configurations. This affects WooC...

Dec 22, 2025
CVE-2025-8305
6.5

An authenticated local user can access sensitive information from debug files in Identity Agent for Terminal Services, potentially allowing them to cl...

Dec 22, 2025
CVE-2025-8304
6.5

An authenticated local user on a Windows Terminal Server can access sensitive information in Windows Registry keys for Check Point Identity Agent, all...

Dec 22, 2025
CVE-2025-52493
6.5

PagerDuty Runbook exposes stored secrets in the webpage DOM on configuration pages, allowing administrative users to view masked passwords by changing...

Dec 10, 2025
CVE-2025-64670
6.5

This vulnerability in Microsoft Graphics Component allows an authenticated attacker to access sensitive information over a network connection. It affe...

Dec 9, 2025
CVE-2025-66027
6.5

This CVE describes an information disclosure vulnerability in Rallly, an open-source scheduling tool. It allows unauthorized access to participant nam...

Nov 29, 2025
CVE-2025-13683
6.5

This vulnerability in Devolutions Server and Remote Desktop Manager exposes credentials through unintended requests, potentially allowing attackers to...

Nov 28, 2025
CVE-2025-63212
6.5

GatesAir Flexiva-LX devices expose session IDs in publicly accessible log files, allowing unauthenticated attackers to hijack admin sessions. This aff...

Nov 19, 2025
CVE-2025-62206
6.5

This vulnerability in Microsoft Dynamics 365 (on-premises) allows unauthorized attackers to access sensitive information over the network. Attackers c...

Nov 11, 2025
CVE-2025-62721
6.5

This vulnerability in LinkAce allows any authenticated user to access all links, lists, and tags from all users in the system, regardless of ownership...

Nov 4, 2025
CVE-2025-62720
6.5

This vulnerability in LinkAce allows any authenticated user to export the entire database of links, including private links belonging to other users. ...

Nov 4, 2025
CVE-2025-6239
6.5

ManageEngine Applications Manager versions 176800 and below contain an information disclosure vulnerability in the File/Directory monitor component. T...

Oct 21, 2025
CVE-2025-61907
6.5

This vulnerability allows authenticated API users in Icinga 2 to bypass permission restrictions and access sensitive information they shouldn't have a...

Oct 16, 2025
CVE-2025-59921
6.5

An authenticated attacker can access sensitive information on vulnerable FortiADC devices by sending specially crafted HTTP/HTTPS requests. This affec...

Oct 14, 2025
CVE-2025-43356
6.5

This vulnerability allows malicious websites to access device sensor data (like motion, orientation, or environmental sensors) without obtaining user ...

Sep 15, 2025
CVE-2025-56467
6.5

This vulnerability in AXIS BANK LIMITED Axis Mobile App 9.9 allows attackers to access sensitive banking information without requiring UPI PIN authent...

Sep 12, 2025
CVE-2025-53728
6.5

This vulnerability in Microsoft Dynamics 365 (on-premises) allows unauthorized attackers to access sensitive information over the network. Attackers c...

Aug 12, 2025
CVE-2025-50154
EPSS 11.9% 6.5

This vulnerability in Windows File Explorer allows unauthorized attackers to perform network spoofing by exploiting exposed sensitive information. It ...

Aug 12, 2025
CVE-2025-54380
6.5

Opencast versions before 17.6 incorrectly send hashed global system account credentials to attacker-controlled URLs when fetching mediapackage element...

Jul 26, 2025
CVE-2025-7919
6.5

WinMatrix3 Web package has an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands. This enables...

Jul 21, 2025
CVE-2025-53512
6.5

This vulnerability allows unauthorized users to access the /log endpoint on Juju controllers, exposing debug messages that may contain sensitive infor...

Jul 8, 2025
CVE-2025-39204
6.5

This vulnerability in MicroSCADA X SYS600's web interface allows attackers to craft malicious filtering queries that bypass authorization controls, po...

Jun 24, 2025
CVE-2025-5690
6.5

PostgreSQL Anonymizer versions 2.0-2.1 contain a data exposure vulnerability where users with masked access can bypass masking rules and read original...

Jun 4, 2025
CVE-2025-27980
6.5

Cashbook v4.0.3 contains an arbitrary file read vulnerability in the /api/entry/flow/invoice/show endpoint. Attackers can exploit this to read sensiti...

Apr 15, 2025
CVE-2025-26667
6.5

This vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthorized network attackers to access sensitive information. It affec...

Apr 8, 2025
CVE-2025-3031
6.5

This vulnerability allows an attacker to read 32 bits of sensitive data from the stack in JIT-compiled JavaScript functions. It affects Firefox web br...

Apr 1, 2025
CVE-2025-24239
6.5

This CVE describes a macOS code-signing downgrade vulnerability that allows malicious applications to bypass security restrictions and access protecte...

Mar 31, 2025
CVE-2025-29497
6.5

CVE-2025-29497 is a memory leak vulnerability in libming v0.4.8's parseSWF_MORPHFILLSTYLES function that allows attackers to cause denial of service t...

Mar 27, 2025
CVE-2025-29488
6.5

CVE-2025-29488 is a memory leak vulnerability in libming v0.4.8's parseSWF_INITACTION function. This vulnerability allows attackers to cause denial of...

Mar 27, 2025
CVE-2025-1635
6.5

This vulnerability in Devolutions Remote Desktop Manager allows authenticated users to export hub data sources containing their authenticated session ...

Mar 13, 2025
CVE-2025-24071
EPSS 57.7% 6.5

This vulnerability in Windows File Explorer allows unauthorized attackers to access sensitive information and perform spoofing attacks over a network....

Mar 11, 2025
CVE-2025-25192
6.5

CVE-2025-25192 allows low-privileged users in GLPI to enable debug mode, potentially exposing sensitive system information. This affects GLPI installa...

Feb 25, 2025
CVE-2025-26310
6.5

Multiple memory leaks in ABC file parsing functions in libming v0.4.8 allow attackers to cause denial of service through crafted ABC files. This affec...

Feb 20, 2025
CVE-2025-25942
6.5

A memory leak vulnerability in Bento4's mp4fragment tool allows attackers to cause information disclosure by processing specially crafted invalid MP4 ...

Feb 19, 2025
CVE-2025-25945
6.5

This vulnerability in Bento4 v1.6.0-641 allows attackers to read sensitive information from memory through improper handling of MP4 files. It affects ...

Feb 19, 2025
CVE-2025-24408
6.5

Adobe Commerce has an information exposure vulnerability that allows low-privileged attackers to access sensitive data without user interaction. This ...

Feb 11, 2025
CVE-2025-24373
6.5

This vulnerability allows unauthorized users to access any PDF invoice or packing slip from a WooCommerce store by manipulating URL parameters. It aff...

Feb 4, 2025
CVE-2025-23047
6.5

CVE-2025-23047 is a Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability in Cilium's Hubble UI that allows malicious websites to access...

Jan 22, 2025
CVE-2025-0441
6.5

This vulnerability in Google Chrome's Fenced Frames implementation allows attackers to extract potentially sensitive system information through specia...

Jan 15, 2025
CVE-2024-10548
6.5

The WP Project Manager WordPress plugin exposes hashed passwords and other sensitive data through an insecure REST API endpoint. Authenticated attacke...

Dec 19, 2024
CVE-2024-53858
6.5

The GitHub CLI (gh) versions before 2.63.0 leak authentication tokens when cloning repositories containing git submodules from non-GitHub hosts. This ...

Nov 27, 2024
CVE-2024-52506
6.5

This vulnerability in Graylog's reporting functionality allows authorized users to potentially access other users' reports when multiple concurrent re...

Nov 18, 2024
CVE-2024-20457
6.5

This vulnerability allows authenticated remote attackers to view sensitive information, including credentials, stored in clear text within Cisco Unifi...

Nov 6, 2024
CVE-2024-22032
6.5

This vulnerability in RKE1 clusters causes continuous reconciliation when secrets encryption is enabled, exposing Kube API secret values in plaintext ...

Oct 16, 2024
CVE-2024-21205
6.5

This vulnerability in Oracle Service Bus allows authenticated attackers with low privileges to access sensitive data via HTTP requests. It affects Ora...

Oct 15, 2024
CVE-2024-43609
6.5

This Microsoft Office spoofing vulnerability allows attackers to craft malicious documents that appear legitimate to users. It affects users who open ...

Oct 8, 2024
CVE-2024-45792
6.5

An information disclosure vulnerability in Mantis Bug Tracker allows unprivileged registered users to retrieve other users' personal system profile in...

Sep 30, 2024

About Information Exposure (CWE-200)

Our database tracks 1,066 CVEs classified as CWE-200, with 92 rated critical and 389 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.
