CWE-200: Information Exposure

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Total CVEs: 1,066
Critical: 92
High: 389
Avg CVSS: 6.5
In CISA KEV: 2

Yearly Trend

2026: 133
2025: 470
2024: 275
2023: 92
2022: 41

Top Affected Vendors

1. Apple (81)
2. Microsoft (46)
3. Huawei (34)
4. Apache (25)
5. Oracle (19)
6. Google (15)
7. Debian (12)
8. Splunk (9)
9. Mozilla (9)
10. Netgear (8)

All Information Exposure CVEs (1,066)

CVE-2024-8106
6.5

This vulnerability in the WP Extended WordPress plugin allows authenticated attackers with Subscriber-level access or higher to extract sensitive user...

Sep 4, 2024
CVE-2024-43251
6.5

The Bit Form Pro WordPress plugin versions up to 2.6.4 contain an authenticated sensitive data exposure vulnerability. Authenticated users can access ...

Aug 26, 2024
CVE-2022-45449
6.5

Acronis Agent in Cyber Protect 15 has excessive privileges that can lead to sensitive information disclosure. This affects Acronis Cyber Protect 15 in...

Jul 16, 2024
CVE-2024-0093
6.5

This vulnerability in NVIDIA GPU software for Linux allows unauthorized actors to access sensitive information through the GPU driver. It affects Linu...

Jun 13, 2024
CVE-2024-34002
6.5

This vulnerability allows a Moodle user with specific permissions to execute local file includes in misconfigured shared hosting environments. Attacke...

May 31, 2024
CVE-2024-34004
6.5

This vulnerability allows a Moodle user with wiki restore permissions and direct server access to execute local file includes in misconfigured shared ...

May 31, 2024
CVE-2021-44534
6.5

CVE-2021-44534 allows unauthenticated attackers to read arbitrary files on vulnerable systems by exploiting insufficient input filtering. This can lea...

May 31, 2024
CVE-2026-28682
6.4

This vulnerability in Gokapi's upload status SSE implementation allows authenticated users to see global upload state and file IDs from other users. I...

Mar 6, 2026
CVE-2025-11670
6.4

ManageEngine ADManager Plus versions before 8025 expose NTLM hashes to technicians with 'Impersonate as Admin' privileges. This allows authenticated t...

Dec 15, 2025
CVE-2024-21902
6.4

This CVE describes an incorrect permission assignment vulnerability in QNAP operating systems that allows authenticated users to read or modify critic...

May 21, 2024
CVE-2025-15065
6.3

This vulnerability in KESS Enterprise on Windows allows unauthorized actors to access sensitive information, modify services, and escalate privileges ...

Dec 29, 2025
CVE-2025-64703
6.3

MaxKB versions before 2.3.1 contain a sandbox escape vulnerability in the Python tool module that allows authenticated users to access sensitive infor...

Nov 13, 2025
CVE-2024-8553
6.3

This vulnerability in Foreman's report template loader macros allows authenticated users with template permissions to bypass authorization and read se...

Oct 31, 2024
CVE-2024-20491
6.3

This vulnerability in Cisco Nexus Dashboard Insights allows attackers who obtain tech support files to view remote controller admin credentials in cle...

Oct 2, 2024
CVE-2024-41109
6.3

This vulnerability in Pimcore's Admin Classic Bundle exposes sensitive system information to authenticated users. By accessing the /admin/index/statis...

Jul 30, 2024
CVE-2020-25836
6.3

This vulnerability in OpenText NetIQ Directory and Resource Administrator allows unauthorized access to sensitive information. It affects organization...

Jul 16, 2024
CVE-2025-68959
6.2

This CVE describes a permission verification bypass vulnerability in the media library module that allows unauthorized access to protected media conte...

Jan 14, 2026
CVE-2026-20821
6.2

This Windows Remote Procedure Call vulnerability allows unauthorized local attackers to access sensitive information from system memory. It affects Wi...

Jan 13, 2026
CVE-2025-66304
6.2

Grav CMS versions before 1.8.0-beta.27 expose password hashes to users with read access to the admin panel's user management section. This allows atta...

Dec 1, 2025
CVE-2025-58305
6.2

An authentication bypass vulnerability in the Gallery app allows unauthorized access to protected content. This affects Huawei device users who have t...

Nov 28, 2025
CVE-2025-58278
6.2

This CVE describes an identity authentication bypass vulnerability in Huawei's Gallery app that allows unauthorized access to protected content. Succe...

Oct 11, 2025
CVE-2025-48527
6.2

This vulnerability allows attackers to access hidden work profile notifications on Android devices without user interaction. It enables local informat...

Sep 4, 2025
CVE-2025-54615
6.2

This vulnerability in the media library module allows unauthorized access to protected information, potentially exposing sensitive data. It affects Hu...

Aug 6, 2025
CVE-2025-47980
6.2

This vulnerability in Windows Imaging Component allows local attackers to access sensitive information they shouldn't have access to. It affects Windo...

Jul 8, 2025
CVE-2025-31218
6.2

This vulnerability allows applications to observe hostnames of new network connections on macOS systems, potentially exposing sensitive information ab...

May 12, 2025
CVE-2024-54119
6.2

This CVE describes a cross-process screen stack vulnerability in Huawei's UIExtension module that could allow unauthorized access to screen content ac...

Dec 12, 2024
CVE-2024-36910
6.2

This vulnerability in the Linux kernel's uio_hv_generic driver could allow an untrusted hypervisor in Confidential Computing (CoCo) virtual machines t...

May 30, 2024
CVE-2025-8887
6.1

This CVE describes multiple vulnerabilities in Usta Information Systems Aybs Interaktif software that allow attackers to bypass authorization, access ...

Oct 10, 2025
CVE-2025-22227
6.1

The Reactor Netty HTTP client can leak credentials when configured to follow redirects in specific chained redirect scenarios. This affects applicatio...

Jul 16, 2025
CVE-2020-13481
6.1

This CVE describes a cross-site scripting (XSS) vulnerability in certain Lexmark printer products that allows attackers to inject malicious scripts. W...

Feb 19, 2025
CVE-2026-24916
5.9

This CVE describes an identity authentication bypass vulnerability in the window module that allows attackers to bypass authentication mechanisms. Suc...

Feb 6, 2026
CVE-2025-13439
5.9

The Fancy Product Designer WordPress plugin has a vulnerability that allows unauthenticated attackers to read sensitive files on the server, including...

Dec 16, 2025
CVE-2025-50862
5.9

The Lotus Cars Android app (version 1.2.8) has allowBackup=true in its manifest, enabling attackers with physical access to rooted or debug-enabled de...

Aug 14, 2025
CVE-2025-4222
5.9

The Database Toolset WordPress plugin stores database backup files in a publicly accessible directory, allowing unauthenticated attackers to potential...

May 3, 2025
CVE-2025-30218
5.9

This Next.js vulnerability allows the x-middleware-subrequest-id header to be unintentionally leaked to third-party servers during fetch requests from...

Apr 2, 2025
CVE-2024-13609
EPSS 45.6% 5.9

The 1 Click WordPress Migration Plugin exposes sensitive user data including usernames and password hashes during backup operations. Unauthenticated a...

Feb 18, 2025
CVE-2024-13641
5.9

This vulnerability allows unauthenticated attackers to access sensitive files stored in the '/wp-content/attachment' directory of the WooCommerce Retu...

Feb 14, 2025
CVE-2025-21242
5.9

This Windows Kerberos vulnerability allows attackers to disclose sensitive information from memory. It affects Windows systems using Kerberos authenti...

Jan 14, 2025
CVE-2024-45040
5.9

This vulnerability in gnark's Groth16 implementation breaks zero-knowledge property for proofs with commitments, allowing attackers to potentially ded...

Sep 6, 2024
CVE-2024-5813
5.9

An authenticated attacker with administrative privileges can exploit an information leak in BIPS to access SSH private keys from server responses. Thi...

Jun 11, 2024
CVE-2025-53047
5.8

This vulnerability allows unauthenticated attackers with network access via Bonjour to read sensitive data from Oracle Database Server's Portable Clus...

Oct 21, 2025
CVE-2025-61780
5.8

This vulnerability allows attackers to bypass proxy-level access restrictions in Rack applications using Rack::Sendfile with certain proxy configurati...

Oct 10, 2025
CVE-2025-46813
5.8

This CVE describes a data leak vulnerability in Discourse where unauthenticated users could view private content on the homepage of login-required sit...

May 5, 2025
CVE-2025-26485
5.8

This vulnerability in Beta80 Life 1st allows attackers to distinguish between invalid passwords and non-existent users through different error message...

Mar 19, 2025
CVE-2025-13821
5.7

This vulnerability allows authenticated Mattermost users to exfiltrate sensitive data including password hashes and MFA secrets through WebSocket mess...

Feb 16, 2026
CVE-2025-26711
5.7

This vulnerability allows unauthorized attackers to access sensitive information through ZTE T5400's web interface due to improper permission controls...

Sep 16, 2025
CVE-2025-26709
5.7

This vulnerability allows unauthorized attackers to access sensitive information through ZTE F50's web interface due to improper permission controls. ...

Aug 15, 2025
CVE-2024-58257
5.7

EnzoH contains an OS command injection vulnerability that allows attackers to execute arbitrary commands on affected systems. This affects organizatio...

Aug 8, 2025
CVE-2025-25209
5.7

This vulnerability in Red Hat Connectivity Link allows developers with access to leak secrets via HTTP connections. The AuthPolicy metadata incorrectl...

Jun 9, 2025
CVE-2025-20624
5.7

This vulnerability in Intel Tiber Edge Platform's Edge Orchestrator software allows authenticated users on adjacent networks to access sensitive infor...

May 13, 2025

About Information Exposure (CWE-200)

Our database tracks 1,066 CVEs classified as CWE-200, with 92 rated critical and 389 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.
