CWE-200: Information Exposure

This vulnerability allows malicious iOS/iPadOS apps to monitor keystrokes without user permission, potentially capturing sensitive input like password...

A vulnerability in Cilium's GatewayAPI controller fails to properly propagate ReferenceGrant changes, allowing Gateway resources to retain access to s...

mcp-memory-service versions before 10.21.0 expose detailed system information via an unauthenticated /api/health/detailed endpoint when MCP_ALLOW_ANON...

This vulnerability allows unauthenticated attackers to access unpublished status pages and internal monitoring data in Checkmate installations. Any or...

This vulnerability in cpp-httplib leaks internal exception messages to unauthenticated clients when request handlers throw C++ exceptions. Any applica...

wpForo Forum 2.4.14 contains an information disclosure vulnerability where unauthenticated attackers can access private and unapproved forum topics th...

FastApiAdmin up to version 2.2.0 contains an information disclosure vulnerability in the reset_api_docs function of the custom documentation endpoint....

This vulnerability in funadmin allows remote attackers to exploit the getMember function in the forget.html login component to disclose sensitive info...

This vulnerability in Foswiki allows remote attackers to access sensitive information through the Changes/Viewfile/Oops component. It affects all Fosw...

The Web Accessibility by accessiBe WordPress plugin exposes sensitive configuration data to unauthenticated users via browser console logging. This vu...

The Context Blog WordPress theme has an information disclosure vulnerability that allows unauthenticated attackers to access password-protected, priva...

This vulnerability in Grafana allows attackers to view annotation data outside the locked timerange on public dashboards with annotations enabled. Org...

A logic flaw in iOS/iPadOS note management could allow attackers to access users' deleted notes. This affects users running vulnerable versions of iOS...

This vulnerability in Statping-ng v0.91.0 allows attackers to access sensitive information through crafted requests to the command execution function....

This vulnerability in Statping-ng v0.91.0 allows attackers to retrieve sensitive user information through unauthorized API requests to the /api/users ...

This vulnerability in Tenda AC21 routers allows remote attackers to access sensitive information through the web management interface. Attackers can e...

This vulnerability in Tenda AC21 routers allows remote attackers to access sensitive information through the web management interface. Attackers can e...

This vulnerability in WeKan versions up to 8.20 allows remote attackers to access sensitive information through the Activity Publication Handler compo...

This vulnerability in D-Link DIR-605L and DIR-619L routers allows remote attackers to access sensitive information through the DHCP Connection Status ...

A security vulnerability in D-Link DIR-605L and DIR-619L routers allows remote attackers to access sensitive information through the Wifi Setting Hand...

A vulnerability in D-Link DIR-605L and DIR-619L routers allows remote attackers to disclose sensitive information via the DHCP Client Information Hand...

This vulnerability allows attackers to discover the Magento admin URL without prior knowledge by exploiting the X-Original-Url header in certain confi...

The Chapa Payment Gateway Plugin for WooCommerce exposes sensitive merchant API keys through an unauthenticated WooCommerce API endpoint. This vulnera...

The Magic Import Document Extractor WordPress plugin exposes the site's magicimport.ai license key in page source code through the get_frontend_settin...

This vulnerability in Tutor LMS WordPress plugin allows authenticated attackers with Subscriber-level access or higher to retrieve sensitive coupon in...

The Spectra Gutenberg Blocks plugin for WordPress has an information disclosure vulnerability that allows unauthenticated attackers to read excerpts f...

This vulnerability in Hono's static middleware for Cloudflare Workers allows attackers to read arbitrary environment keys by manipulating file paths. ...

This vulnerability in phpMyFAQ exposes sensitive user information through multiple public API endpoints due to insufficient access controls. Attackers...

This vulnerability in Oracle Life Sciences Central Designer allows unauthenticated attackers to read sensitive data via HTTP requests. It affects vers...

This vulnerability in Oracle Solaris 11 kernel allows unauthenticated attackers with network access via TCP to read sensitive system data. It affects ...

A security vulnerability in MineAdmin 1.x/2.x allows remote attackers to exploit the Swagger component to disclose sensitive information. This affects...

This vulnerability in birkir prime's GraphQL Directive Handler allows remote attackers to extract sensitive information through error messages. It aff...

This vulnerability in birkir prime's GraphQL API allows remote attackers to access sensitive information through manipulation of the /graphql endpoint...

The CubeWP WordPress plugin has an information exposure vulnerability that allows unauthenticated attackers to access password-protected, private, or ...

The WP Hotel Booking WordPress plugin exposes sensitive customer information to unauthenticated attackers. By providing a valid email address and a pu...

This CVE describes a permissions vulnerability in iOS/iPadOS that allows malicious apps to enumerate which other apps are installed on a user's device...

This vulnerability allows unauthenticated attackers to view detailed information about all software components, versions, and licenses used by the app...

The LottieFiles WordPress plugin exposes sensitive account credentials through an unauthenticated REST API endpoint. Unauthenticated attackers can ret...

The PDF Resume Parser WordPress plugin exposes SMTP credentials to unauthenticated users through an insecure AJAX endpoint. This allows attackers to s...

This CVE describes an information disclosure vulnerability in the XML component of Firefox and Thunderbird. It allows attackers to potentially access ...

This CVE describes an information disclosure vulnerability in the Networking component of Mozilla products. It allows attackers to potentially access ...

The EventPrime WordPress plugin exposes sensitive booking data through its REST API to unauthenticated attackers when the API is enabled. This vulnera...

CVE-2026-22251 is a vulnerability in the wlc Weblate command-line client where unscoped API keys could be inadvertently leaked to different servers. T...

A buffer out-of-bounds read vulnerability in Cisco Snort 3's DCE/RPC request processing allows unauthenticated remote attackers to cause information d...

Signal K Server versions before 2.19.0 have an unauthenticated information disclosure vulnerability that allows any user to retrieve sensitive system ...

The PixelYourSite WordPress plugin exposes sensitive information through publicly accessible log files when the 'Meta API logs' setting is enabled. Un...

This vulnerability in TOZED ZLT M30s routers allows remote attackers to disclose sensitive information by manipulating the 'goformId' parameter in the...

This vulnerability allows unauthenticated attackers to extract sensitive user information from WordPress sites using the Ultimate Member plugin. Attac...

This vulnerability in the WordPress Events Manager plugin allows unauthenticated attackers to access sensitive event location data that should be prot...

The Guest Support WordPress plugin up to version 1.2.3 contains an unauthenticated user email disclosure vulnerability. Attackers can exploit a public...