CWE-200: Information Exposure

This CVE describes an information disclosure vulnerability in Zulip's development branch where private channel names were leaked to all organization u...

This vulnerability allows authenticated attackers with SNMP credentials to obtain confidential operating system information from affected Cisco securi...

Apache CloudStack versions from 4.16.0 have an access validation flaw that allows authenticated users with knowledge of resource UUIDs to read or add ...

The BWD Elementor Addons WordPress plugin exposes sensitive template data including private, pending, and draft content. This vulnerability allows aut...

The Duplicate Post WordPress plugin allows authenticated users with Contributor-level access or higher to view sensitive content from draft, scheduled...

This vulnerability allows remote attackers to read arbitrary files on Tsinghua Unigroup Electronic Archives System servers by manipulating the 'path' ...

This vulnerability in Beijing Yunfan Internet Technology's Yunfan Learning Examination System 1.9.2 allows remote attackers to access sensitive inform...

The ElementsReady Addons for Elementor WordPress plugin exposes sensitive template data in versions up to 6.4.8. Authenticated attackers with Contribu...

The Jeg Elementor Kit WordPress plugin exposes sensitive template data through an information disclosure vulnerability. Authenticated attackers with C...

This vulnerability in the WordPress 'Increase Maximum Upload File Size' plugin discloses full server path information in error messages when image upl...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to extract sensitive private, pending, and draft templ...

This vulnerability in Cisco Identity Services Engine (ISE) allows authenticated remote attackers to recover service account passwords saved on affecte...

This vulnerability allows authenticated users in Devolutions DVLS to bypass intended access controls and view password history data they shouldn't hav...

This vulnerability in Mattermost allows attackers to discover private channel names they shouldn't have access to when using Elasticsearch v8 with the...

This vulnerability in EMQX Neuron up to version 2.10.0 allows remote attackers to access sensitive information through the /api/v2/schema endpoint of ...

This vulnerability allows unauthenticated attackers to obtain sensitive information from Waybox Enel X web management applications, including OS versi...

The Move Addons for Elementor WordPress plugin exposes sensitive template data through multiple widget files. Authenticated attackers with Contributor...

The Exclusive Addons for Elementor WordPress plugin exposes sensitive template data through a vulnerability in its tabs component. Authenticated attac...

The Elementor Header & Footer Builder WordPress plugin has an information disclosure vulnerability that allows authenticated users with Contributor-le...

The ElementInvader Addons for Elementor WordPress plugin has an information disclosure vulnerability that allows authenticated users with contributor-...

This vulnerability in the Royal Elementor Addons and Templates WordPress plugin allows authenticated attackers with subscriber-level access or higher ...

The Sina Extension for Elementor WordPress plugin exposes sensitive Elementor template data through a vulnerable widget function. Authenticated attack...

The ShopLentor (WooLentor) WordPress plugin has an information disclosure vulnerability that allows authenticated attackers with Contributor-level acc...

This vulnerability in The Plus Addons for Elementor WordPress plugin allows authenticated attackers with Contributor-level access or higher to extract...

This vulnerability in Zitadel identity management platform allows unauthorized access to applications and projects even after their parent organizatio...

This vulnerability in The Post Grid WordPress plugin allows authenticated users with contributor-level access or higher to view draft, scheduled, and ...

This CVE describes an information exposure vulnerability in CyberArk products where sensitive information could be accessed by unauthorized actors. Or...

This CVE describes an information exposure vulnerability in CyberArk products where sensitive information could be accessed by unauthorized actors. Or...

The Hide My Site WordPress plugin exposes sensitive information when password protection is enabled, allowing unauthenticated attackers to bypass the ...

CVE-2024-41698 is an information disclosure vulnerability that allows unauthorized actors to access sensitive information. This affects systems runnin...

This vulnerability in ZZCMS 2023 allows remote attackers to disclose sensitive information by manipulating the 'phome' parameter in the 'eginfo.php' f...

The ElementsKit Pro WordPress plugin has a vulnerability that allows authenticated users with Contributor-level permissions or higher to access sensit...

This vulnerability allows users with access to the reports admin section in Silverstripe to bypass authorization controls and view reports they should...

An information disclosure vulnerability in McAfee Secure Web Gateway (SWG) allows customized block page content to be leaked to third-party websites d...

This vulnerability in Otter Blocks PRO WordPress plugin allows authenticated users to access sensitive information they shouldn't have permission to v...

This vulnerability in anji-plus AJ-Report allows remote attackers to access sensitive information by manipulating the shareToken parameter in the /rep...

Archer Platform 6 contains a sensitive information disclosure vulnerability where authenticated attackers can access sensitive data through popup warn...

This vulnerability in Xunrui CMS 4.61 allows remote attackers to access sensitive information through the /dayrui/Fcms/View/system_log.html file. It a...

This vulnerability in Xunrui CMS 4.61 allows remote attackers to access sensitive information through the /config/myfield/test.php file. It affects al...

This vulnerability in GitLab allows authenticated users to access limited information from exported groups or projects belonging to other users. It af...

This CVE describes an information leak vulnerability affecting certain Honor products. Successful exploitation could allow unauthorized access to sens...

The Photo module in affected systems has an information leak vulnerability that could allow unauthorized access to sensitive data. This affects servic...

This CVE describes a permission verification bypass vulnerability in the Camera app that could allow unauthorized access to camera functionality. The ...

Dell PowerScale OneFS versions 9.5.0.0 through 9.11.0.0 contain an information disclosure vulnerability where unauthenticated remote attackers can acc...

This vulnerability allows applications to access autocompleted contact information from Messages and Mail that appears in system logs. It affects macO...

This vulnerability in Huawei's NearLink module allows unauthorized access to sensitive information due to insufficient permission verification. It aff...

HCL AION 2.0 lacks proper HTTP Strict-Transport-Security headers, allowing attackers to force insecure HTTP connections or downgrade HTTPS to HTTP. Th...

This CVE describes an information disclosure vulnerability in ixray-1.6-stcop software where sensitive information can be accessed by unauthorized act...

This vulnerability in PHPGurukul News Portal 1.0 allows remote attackers to extract sensitive information through debug mode exposure. The attack inse...

This vulnerability in curl versions before 8.1.0 causes information disclosure when reusing a handle between PUT and POST requests. It affects applica...