CWE-200: Information Exposure

OpenClaw personal AI assistant versions before 2026.2.14 could expose sensitive configuration secrets to clients with read-only permissions. The vulne...

A low-privileged user without admin role can access Splunk Monitoring Console endpoints due to improper access control in vulnerable Splunk Enterprise...

This vulnerability in WeKan allows remote attackers to access sensitive information through the Meteor Publication Handler in the cards.js component. ...

The WP Recipe Maker WordPress plugin up to version 10.2.2 contains an information exposure vulnerability where authenticated users with Contributor-le...

The GenerateBlocks WordPress plugin up to version 2.1.2 has an information exposure vulnerability that allows authenticated users with Contributor-lev...

SIMATIC CN 4100 devices expose server information in responses, allowing attackers with network access to gather reconnaissance data. This information...

The Beaver Builder WordPress plugin up to version 2.9.4 contains an information disclosure vulnerability that allows authenticated users with Contribu...

This vulnerability allows low-privileged Splunk users who subscribe to mobile push notifications to receive notification titles and descriptions for r...

This vulnerability allows authenticated users in Search Guard FLX to read documents from data streams without proper authorization when enterprise mod...

This CVE describes an information disclosure vulnerability in nutzam NutzBoot's Ethereum Wallet Handler component. Attackers can remotely exploit this...

This vulnerability in yungifez Skuul School Management System allows remote attackers to access sensitive information through improper handling of ima...

This vulnerability allows any authenticated user in OrangeHRM to download candidate attachments (CVs, documents) without proper authorization checks. ...

OrangeHRM versions 5.0 to 5.7 have an authorization bypass vulnerability in the Recruitment module's interview attachment endpoint. Authenticated ESS-...

This vulnerability allows any authenticated Mattermost user to view team email addresses that should only be visible to Team Admins. The information d...

CVE-2025-13765 allows non-administrative users in Devolutions Server to access email service credentials, potentially exposing sensitive authenticatio...

This CVE describes an information disclosure vulnerability in Apache CloudStack where authorized users could occasionally access data beyond their int...

This vulnerability allows non-admin users in Revive Adserver to view contact names and email addresses of other users due to insecure design policies....

This vulnerability allows read-only administrators in Fortinet FortiADC to access external resource passwords through system logs. It affects multiple...

CVE-2025-64705 is an information disclosure vulnerability in Frappe Learning Management System (LMS) that allows authenticated users to access other s...

This vulnerability in the WP Import – Ultimate CSV XML Importer WordPress plugin allows authenticated attackers with Author-level access or higher t...

An authenticated information disclosure vulnerability in Cisco Unified Intelligence Center allows low-privileged users to access sensitive system info...

This vulnerability in atjiu pybbs allows remote attackers to access sensitive information through an unknown function in UserApiController.java. It af...

This vulnerability allows authenticated attackers with low privileges to read sensitive data from Oracle Life Sciences InForm web servers. It affects ...

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated attackers with low privileges to read sensitive data they shouldn'...

Opencast's editor may publish videos without user notification when users with write access click 'Save & Publish' then select 'Save' instead. This co...

This vulnerability in Portabilis i-Educar allows unauthorized access to class information via the /module/Avaliacao/diarioApi endpoint. Attackers can ...

CVE-2025-55052 is an information disclosure vulnerability that allows unauthorized actors to access sensitive data. This affects systems with the vuln...

This vulnerability allows authenticated backend users in TYPO3 CMS to download CSV files containing data from database tables they shouldn't have acce...

This vulnerability in Jenkins Git client Plugin allows attackers with Overall/Read permission to determine whether specific file paths exist on the Je...

This vulnerability in RemoteClinic allows attackers to remotely exploit the /patients/edit-patient.php endpoint by manipulating the Email parameter, l...

This CVE describes an information disclosure vulnerability in diyhi bbs versions up to 6.8. Attackers can exploit a flaw in the File Compression Handl...

CVE-2025-9240 is an information disclosure vulnerability in elunez eladmin up to version 2.7. The flaw in the /auth/info endpoint allows remote attack...

This vulnerability in Scada-LTS 2.7.8.1 allows information disclosure through the /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr endpoint. Attack...

The EventON Lite WordPress plugin versions up to 2.4.6 contain an information exposure vulnerability that allows unauthenticated attackers to access p...

The B Slider WordPress plugin exposes installed plugin information to authenticated users with subscriber-level access or higher. This vulnerability a...

This vulnerability allows guest users in Apache Superset to access database schema information through the /chart/data endpoint. The API response impr...

This vulnerability in WuKongCRM 11.0 allows remote attackers to obtain sensitive information through error messages exposed by the API Response Handle...

CVE-2025-46388 is an information disclosure vulnerability (CWE-200) that allows unauthorized actors to access sensitive information. This affects syst...

This vulnerability in ChanCMS allows remote attackers to access sensitive information by manipulating accessKey/secretKey parameters in the /sysApp/fi...

This vulnerability allows authenticated SSL-VPN users to access full SSL-VPN configuration settings through specially crafted URLs. It affects FortiOS...

An unauthenticated remote attacker can exploit improper HTTP request sanitization in Cisco Customer Collaboration Platform's web chat interface to red...

This CVE describes an XS-Leaks (Cross-Site Leaks) vulnerability in Firefox and Thunderbird where script elements loading cross-origin resources genera...

This vulnerability in Summer Pearl Group Vacation Rental Management Platform allows remote attackers to obtain sensitive information through improper ...

This vulnerability in D-Link DI-7003GV2 routers allows attackers on the local network to access sensitive information through the HTTP endpoint. The i...

This vulnerability in Dígitro NGC Explorer 3.44.15 exposes password fields on configuration pages without proper masking, allowing shoulder surfing o...

This vulnerability in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7 allows remote attackers to access sensitive informatio...

This vulnerability in paicoding 1.0.3 allows unauthorized users to view other users' browsing history through the /user/home endpoint. Attackers can r...

This vulnerability in Tempo Operator allows users with full namespace access to extract ServiceAccount tokens and use them to query Kubernetes API per...

This vulnerability in the WidgetKit plugin for WordPress allows authenticated users with Contributor-level access or higher to view sensitive template...

The GenerateBlocks WordPress plugin exposes sensitive content from private, draft, and scheduled posts/pages through the 'get_image_description' funct...