CWE-200: Information Exposure

CVE-2023-43791 is a privilege escalation vulnerability in Label Studio that allows attackers to chain an ORM leak vulnerability with other flaws to im...

This vulnerability in Veeam ONE allows unauthenticated attackers to obtain SQL server connection details for the configuration database. This informat...

This vulnerability allows unauthenticated remote attackers to read and write to the snmpmon.ini configuration file in Advantech R-SeeNet software. Att...

CVE-2022-48510 is an input verification vulnerability in Huawei's AMS (Activity Manager Service) module that allows attackers to perform unauthorized ...

CVE-2023-22577 is an information disclosure vulnerability in White Rabbit Switch that allows unauthenticated attackers to retrieve sensitive informati...

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows attackers with basic privileges to access and decrypt lcmbiar files, e...

HGiga PowerStation has an information leakage vulnerability that allows unauthenticated remote attackers to obtain administrator credentials. These cr...

This vulnerability in libcurl allows an attacker to cause memory corruption or data leakage when reusing a handle from a PUT to a POST request. Applic...

Dell PowerStore storage systems have an open port vulnerability that allows remote unauthenticated attackers to access sensitive information and execu...

A netfilter flaw allows network-connected attackers to infer OpenVPN connection endpoint information by analyzing network traffic patterns. This affec...

The ECOA BAS controller has an insecure direct object reference vulnerability that allows unauthenticated attackers to access configuration files via ...

Dell OpenManage Enterprise versions before 3.6.1 have an improper authentication vulnerability that allows remote unauthenticated attackers to hijack ...

CVE-2021-27850 is a critical unauthenticated remote code execution vulnerability in Apache Tapestry that allows attackers to bypass previous security ...

CVE-2019-14480 is an improper session handling vulnerability in AdRem NetCrunch's web client that allows attackers to bypass authentication or escalat...

An authenticated vulnerability in Flowise Cloud allowed free-tier users to access sensitive environment variables from other tenants via the Custom Ja...

This vulnerability in Laf cloud development platform allows authenticated users to access logs from any Kubernetes pod within the same namespace witho...

This vulnerability in NETGEAR Orbi WiFi systems allows unauthorized disclosure of sensitive information from affected devices. It impacts NETGEAR RBK3...

NETGEAR XR1000 routers running firmware versions before 1.0.0.58 contain a vulnerability that allows unauthorized disclosure of sensitive information....

Flag Forge CTF platform versions 2.0.0 through 2.3.1 have unauthenticated API endpoints that allow unauthorized users to view all badge templates with...

CVE-2021-29483 is an information disclosure vulnerability in ManageWiki, a MediaWiki extension. It allows any user to access private configuration var...

This vulnerability in GeoServer allows unauthorized attackers to perform XML External Entity (XXE) attacks by bypassing URI validation. Attackers can ...

CVE-2020-7819 is a critical SQL injection vulnerability in nTracker USB Enterprise software that allows remote unauthenticated attackers to execute ar...

This vulnerability in Firefox for Android allows attackers to view password-related screens when switching between apps using the card carousel. Previ...

This vulnerability allows institution administrators in Mahara to view sensitive information on the 'Current submissions' page that they should not ha...

This vulnerability in the pgai Python library allowed attackers to exfiltrate all secrets used in a workflow, including the GITHUB_TOKEN with write pe...

The PrinterShare Android application allows attackers to capture Gmail authentication tokens, enabling unauthorized access to users' Gmail accounts. T...

CVE-2024-41259 is a vulnerability in Navidrome v0.52.3 where Gravatar's service uses an insecure hashing algorithm, allowing attackers to manipulate u...

TightVNC Server for Windows before version 2.8.84 exposes its control pipe to network connections, allowing attackers to potentially execute unauthori...

This vulnerability allows attackers to join any organization by knowing its ID, bypassing permission checks. Once joined, they gain full read/write ac...

This vulnerability in OpenClinic GA allows unauthenticated attackers to retrieve patient lists via direct API queries to searchByAjax/patientslistShow...

This vulnerability in Apache Aurora allows unauthenticated attackers to exploit an information disclosure endpoint as a padding oracle to forge valid ...

CVE-2024-24825 is an information exposure vulnerability in DIRAC distributed resource framework where any user can obtain tokens requested by other us...

This CVE describes a component exposure vulnerability in Huawei Wi-Fi modules that could allow attackers to compromise service availability and integr...

This CVE describes a key management vulnerability in Huawei systems that could allow attackers to compromise service availability and integrity. It af...

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated administrators to steal login tokens of any logged-in us...

This vulnerability in Huawei's MediaProvider module allows unauthorized data reading, potentially exposing sensitive media files and metadata. It affe...

This vulnerability in certain NETGEAR routers allows unauthorized disclosure of sensitive information. Attackers can potentially access confidential d...

The Amazon Pay Plugin for Shopware before version 9.4.2 exposes sensitive Amazon secret keys in publicly accessible JavaScript files. This allows unau...

This vulnerability allows users with Backup Operator or Tape Operator privileges to write files with root/system-level permissions, potentially leadin...

This vulnerability allows attackers to extract SSL/TLS private keys and certificates from Syrotech GPON devices. Attackers can impersonate legitimate ...

Fleet Server logs sensitive information from Fleet policies at INFO and ERROR log levels, potentially exposing credentials, API keys, or other confide...