CWE-200: Information Exposure

This vulnerability in zlt2000 microservices-platform exposes sensitive information through the Spring Actuator endpoint. Attackers can remotely access...

The GiveWP WordPress plugin up to version 4.6.0 exposes donor information including names, emails, and donor IDs to unauthenticated attackers. This vu...

This vulnerability in Exrick xboot allows remote attackers to access sensitive information through Spring Boot Admin/Spring Actuator endpoints. It aff...

This vulnerability allows unauthorized users to access cached content from Umbraco's Content Delivery API even when API key authentication is required...

The WoodMart WordPress theme plugin has an information exposure vulnerability that allows unauthenticated attackers to access password-protected, priv...

Infoblox NETMRI versions before 7.6.1 contain a vulnerability that allows remote authenticated users to read arbitrary files with root-level access. T...

This vulnerability in Netgear DGND3700 routers allows remote attackers to access sensitive information through the /currentsetting.htm file via the mi...

This vulnerability in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0 allows remote attackers to access sensitive configurati...

This vulnerability in TOTOLINK A720R routers allows remote attackers to access sensitive system configuration information without authentication. By m...

This vulnerability in ScriptAndTools eCommerce-website-in-PHP 3.0 allows remote attackers to access sensitive information through the /admin/subscribe...

The Prevent Direct Access WordPress plugin generates insufficiently random file names for protected files, allowing unauthenticated attackers to guess...

The Memberpress WordPress plugin exposes sensitive information through WordPress core search functionality. Unauthenticated attackers can access restr...

The WP STAGING Pro WordPress Backup Plugin has an information disclosure vulnerability that allows unauthenticated attackers to discover outdated plug...

The Developer Toolbar WordPress plugin exposes sensitive server information through a publicly accessible phpinfo.php script. This allows unauthentica...

This vulnerability allows unauthenticated attackers to list and delete CLI authentication tokens in SUSE Rancher before the CLI can retrieve them. Thi...

The Accept SagePay Payments Using Contact Form 7 WordPress plugin exposes sensitive server information through a publicly accessible phpinfo.php scrip...

The Melhor Envio WordPress plugin exposes sensitive information through a hardcoded hash in the 'run' function. Unauthenticated attackers can extract ...

This vulnerability in Vite allows attackers to bypass file access restrictions and read arbitrary files from the server. It affects Vite 6.0+ developm...

An attacker controlling the element.json well-known file can potentially access media encryption keys used in Element Call calls. This affects Element...

ZITADEL's 'Ignoring unknown usernames' setting fails to properly hide user existence due to username normalization, allowing attackers to determine if...

Vite development servers configured to expose content to the network can leak sensitive file contents through specific query parameters (?inline&impor...

The DAP to Autoresponders Email Syncing WordPress plugin exposes sensitive server information through a publicly accessible phpinfo.php file. This all...

This vulnerability allows remote unauthenticated attackers to obtain sensitive software version information from multiple Fortinet products by reading...

This vulnerability in Directus allows authenticated users to enumerate database field contents they shouldn't have permission to view. By exploiting t...

The Easy Digital Downloads WordPress plugin exposes private download post titles to unauthenticated users via an AJAX function. This affects all WordP...

This CVE describes a path traversal vulnerability in Vite development servers where attackers can bypass file access restrictions by appending '?raw??...

The NEX-Forms WordPress plugin up to version 8.8.1 allows unauthenticated attackers to access uploaded files due to insufficient directory listing pre...

This CVE describes an information exposure vulnerability in QNAP NAS products that could allow remote attackers to access sensitive system information...

The Content Control WordPress plugin up to version 2.5.0 allows unauthenticated attackers to access restricted content through WordPress core search f...

CVE-2019-1815 allows unauthenticated attackers to access sensitive logs containing wireless pre-shared keys, VPN keys, and other privileged informatio...

Mastodon instances with domain block visibility set to 'users' (logged-in users) inadvertently expose block reasons to unapproved users. This affects ...

The Classified Listing WordPress plugin has an information disclosure vulnerability that allows unauthenticated attackers to extract sensitive data li...

This vulnerability in AnkiDroid allows attackers to access and copy internal application files from protected storage to publicly accessible locations...

The Tripetto WordPress plugin has a vulnerability that allows unauthenticated attackers to access files uploaded through forms, including potentially ...

This vulnerability allows unauthenticated remote attackers to access sensitive information from Alpine Halo9 devices via the DLT interface on TCP port...

This vulnerability in Umbraco CMS allows attackers to determine whether specific user accounts exist by analyzing response codes and timing difference...

The Ultimate Member WordPress plugin versions up to 2.9.1 leak sensitive user metadata through error messages. Unauthenticated attackers can extract d...

The Moving Users WordPress plugin exposes sensitive user data through predictable JSON file locations in export functionality. Unauthenticated attacke...

CVE-2024-56136 is an information disclosure vulnerability in Zulip Server that allows unauthenticated attackers to determine if specific email address...

This vulnerability in D-Link DIR-878 routers allows remote attackers to access sensitive information through the /dllog.cgi endpoint via HTTP POST req...

The W3 Total Cache WordPress plugin exposes debug log files publicly when debug mode is enabled, allowing unauthenticated attackers to view potentiall...

This vulnerability in reggie 1.0 allows remote attackers to obtain sensitive information by manipulating the 'code' parameter in the phone number vali...

The Member Access WordPress plugin up to version 1.1.6 allows unauthenticated attackers to bypass content restrictions via WordPress core search funct...

This CVE describes an information exposure vulnerability in Mashov software where sensitive data is accessible to unauthorized actors. The vulnerabili...

This vulnerability in Amcrest IP cameras allows remote attackers to access sensitive information through the web interface. It affects multiple Amcres...

The Page Restriction WordPress plugin (versions up to 1.3.6) allows unauthenticated attackers to access sensitive content from posts/pages restricted ...

The Simple Page Access Restriction WordPress plugin exposes sensitive content through WordPress's built-in search feature. Unauthenticated attackers c...

The Accept Authorize.NET Payments Using Contact Form 7 WordPress plugin exposes configuration data through the cf7adn-info.php file, allowing unauthen...

An information disclosure vulnerability in Fortra's GoAnywhere MFT allows external attackers to access sensitive admin root folder resources without a...

The Restrict Content plugin for WordPress (versions up to 2.2.8) allows unauthenticated attackers to access sensitive content from posts restricted to...