CWE-200: Information Exposure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
All Information Exposure CVEs (1,079)
This vulnerability allows unauthenticated attackers to access restricted functionality in Progress Telerik Report Server due to a trust boundary viola... (May 15, 2024)
This vulnerability in TYPO3's ShowImageController allows attackers to trigger unlimited thumbnail generation by manipulating the 'frame' parameter wit... (May 14, 2024)
A vulnerability in RUGGEDCOM CROSSBOW allows log messages to be forwarded to a specific client under certain circumstances. Attackers could exploit th... (May 14, 2024)
This vulnerability in Academy LMS WordPress plugin exposes sensitive information to unauthorized actors. It affects Academy LMS versions up to 1.9.25,... (May 14, 2024)
This vulnerability in the Filebird WordPress plugin allows unauthorized actors to access sensitive information. It affects all Filebird installations ... (May 14, 2024)
This vulnerability exposes sensitive information to unauthorized actors in the RadiusTheme ShopBuilder WordPress plugin. It affects WordPress sites us... (May 14, 2024)
MantisBT versions before 2.26.2 have an information disclosure vulnerability where users can see metadata about notes they shouldn't have access to. W... (May 14, 2024)
Zitadel identity management system versions before patched releases could expose database connection details (database name, username, hostname) to us... (May 1, 2024)
CVE-2022-1911 is an information disclosure vulnerability in M-Files Server where an error in the parser function allows unauthenticated attackers to a... (Nov 30, 2022)
A permission control vulnerability in Huawei's Notepad module could allow unauthorized access to sensitive information. This affects Huawei consumer d... (Jan 14, 2026)
A permission control vulnerability in Huawei's Notepad module could allow unauthorized access to sensitive information. This affects Huawei device use... (Nov 28, 2025)
This vulnerability allows unauthorized access to Bluetooth adapter details on affected Android devices through a permissions bypass. It enables local ... (May 27, 2025)
EnzoH contains an OS command injection vulnerability (CWE-200) that could allow authenticated attackers to execute arbitrary commands on affected syst... (Aug 8, 2025)
Apache Commons VFS versions before 2.10.0 can leak FTP passwords in error messages when file operations fail. This occurs because the FtpFileObject cl... (Mar 23, 2025)
CVE-2024-39600 is a memory disclosure vulnerability in SAP GUI for Windows where passwords remain in memory after login, potentially allowing attacker... (Jul 9, 2024)
This vulnerability allows authenticated users to inject HTML content that gets rendered in other users' browsers in M-Files Web, potentially enabling ... (Mar 6, 2023)
This vulnerability in Umbraco CMS allows attackers with backoffice access to enumerate arbitrary files on the server filesystem by exploiting predicta... (Dec 9, 2025)
A vulnerability in SIMATIC CN 4100 industrial communication devices allows attackers to exploit inconsistent SNMP behavior to access sensitive data, p... (Dec 9, 2025)
This CVE describes an app lock verification bypass vulnerability in a file management application. Attackers could potentially access protected files ... (Dec 8, 2025)
This CVE describes a permission control vulnerability in Huawei's file management module that could allow unauthorized access to sensitive files. Succ... (Nov 28, 2025)
This vulnerability allows system administrators to access password hashes and MFA secrets through an API endpoint that fails to properly sanitize user... (Nov 14, 2025)
This vulnerability allows high-privileged attackers with network access via HTTP to access sensitive data in Oracle Financial Services Revenue Managem... (Oct 21, 2025)
An information disclosure vulnerability in SeaCMS 13.1 allows authenticated administrators to scan and download files from the server's root directory... (Oct 3, 2025)
This vulnerability allows Harbor administrators to exploit an ORM leak in the /api/v2.0/users endpoint to extract users' password hashes and salts cha... (Jul 25, 2025)
A vulnerability in OXID eShop allows CMS pages with Smarty syntax errors to display user information. This affects OXID eShop installations using CMS ... (May 13, 2025)
Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 may log plaintext passwords for local native authentication users when the AdminManager log c... (Oct 14, 2024)
The Bare Metal Operator (BMO) in Metal3 allows users with BareMetalHost creation/edit permissions to exfiltrate Kubernetes Secrets from any namespace ... (Sep 3, 2024)
This vulnerability allows privileged users within Zoom Workplace environments to access sensitive information through network connections. It affects ... (Aug 14, 2024)
vaeThink 1.0.2 contains an information disclosure vulnerability in the system backend's access management administrator function. This allows attacker... (Jul 9, 2024)
This vulnerability in Directus allows users with permission to view collections containing redacted hashed fields to bypass redaction and access the p... (May 14, 2024)
Nebari versions through 2024.4.1 expose the temporary Keycloak root password in deployment logs. This information disclosure vulnerability allows atta... (May 6, 2024)
A permission control vulnerability in Huawei's Notepad module could allow unauthorized access to sensitive information. This affects users of Huawei c... (Jan 14, 2026)
The ShareThis Dashboard for Google Analytics WordPress plugin exposes Google Analytics client credentials in plaintext within publicly accessible sour... (Jan 7, 2026)
BBOT's GitLab module can leak GitLab API keys to attacker-controlled servers through maliciously formatted git URLs. This affects organizations using ... (Oct 9, 2025)
This vulnerability allows unauthenticated attackers to access Sync account data including credentials and email protection information. It affects use... (Oct 8, 2025)
Rancher Manager's /meta/proxy endpoint improperly forwards Impersonate-Extra-* headers to external entities like amazonaws.com, potentially leaking se... (Oct 2, 2025)
This vulnerability allows malicious Domain Admins or Resource Admins in Apache CloudStack to bypass domain isolation by exploiting flawed access contr... (Jun 11, 2025)
This vulnerability in Intel Tiber Edge Platform's Edge Orchestrator software allows authenticated users with local access to potentially expose sensit... (May 13, 2025)
This CVE describes a privacy vulnerability in iOS/iPadOS where an attacker with physical access to a locked device could view sensitive user informati... (Feb 11, 2026)
This macOS vulnerability allows an attacker with physical access to a locked device to bypass authorization controls and view sensitive user informati... (Feb 11, 2026)
This vulnerability allows a physically proximate attacker to extract sensitive information from the AIRTH SMART HOME AQI MONITOR via its exposed UART ... (Jan 14, 2026)
This vulnerability in Nextcloud Server exposes fixed credentials for external storage configurations through the API and frontend. An attacker with an... (Nov 15, 2024)
This vulnerability in Nextcloud Server exposes global credentials in plain text through the API response when an attacker has access to an active user... (Nov 15, 2024)
Jellyfin's user profile image upload accepts SVG files that can contain malicious JavaScript. When an admin user views such an image outside the Jelly... (Sep 2, 2024)
EnzoH contains an OS command injection vulnerability that allows attackers to execute arbitrary commands on affected systems. This affects systems run... (Aug 8, 2025)
This vulnerability in Directus logs sensitive authentication tokens when using WebHook triggers in Flows, exposing access and refresh tokens in system... (Jul 15, 2025)
GeoServer versions 2.10.0 through 2.24.3 and 2.25.0 expose environment variables and Java properties containing sensitive credentials to authenticated... (Jul 1, 2024)
A permission control vulnerability in Huawei's media library module could allow unauthorized access to sensitive media files. This affects Huawei devi... (Dec 8, 2025)
This vulnerability allows authenticated local attackers with administrative SSH access to access sensitive information on Cisco Video Phone 8875 and C... (Feb 19, 2025)
This vulnerability allows group members with Developer or higher roles to access project-level analytics settings that should be restricted. It affect... (Jul 24, 2024)
About Information Exposure (CWE-200)
Our database tracks 1,079 CVEs classified as CWE-200, with 96 rated critical and 398 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.6.
External reference: CWE-200 on MITRE CWE