CWE-200: Information Exposure

Devolutions Server versions through 2025.2.20 and 2025.3.8 expose credentials in unintended requests, potentially leaking sensitive authentication dat...

This vulnerability allows low-privileged Splunk users to bypass SPL safeguards for risky commands by exploiting character encoding in REST API paths. ...

This macOS vulnerability allows applications to access sensitive contact information that should be redacted in system logs. It affects macOS users ru...

A vulnerability in BIG-IP Edge Client and browser VPN clients on Windows may allow attackers to access sensitive information. This affects Windows use...

This CVE describes an information disclosure vulnerability in iOS/iPadOS where malicious apps could enumerate which other apps are installed on a devi...

This CVE describes an information disclosure vulnerability in Apple operating systems where an app could identify what other apps a user has installed...

This CVE describes an information disclosure vulnerability in iOS/iPadOS that allows apps to fingerprint users, potentially revealing unique device or...

This vulnerability in MineAdmin 1.x/2.x allows remote attackers to disclose sensitive information by manipulating the ID parameter in the /system/down...

This vulnerability in MineAdmin 1.x/2.x allows remote attackers to access sensitive information through manipulation of the ID parameter in the /syste...

This vulnerability in Halo's Configuration Handler component allows remote attackers to access sensitive information through the /actuator endpoint. I...

Windmill versions 1.634.6 and below expose Slack OAuth client secrets to non-admin users through the GET /api/w/{workspace}/workspaces/get_settings en...

Dell PowerProtect Data Domain systems running affected DD OS versions contain an information disclosure vulnerability. A high-privileged attacker with...

This vulnerability in JeecgBoot allows attackers to exploit the getDeptRoleByUserId function by manipulating the departId parameter, leading to unauth...

This vulnerability in HCL BigFix IVR 4.2 allows privileged attackers to disrupt service availability by exploiting administrative services bound to ex...

BigBlueButton versions 3.0.19 and below have a vulnerability where clients send audio to the server even when muted during initial session join. While...

This vulnerability in Beetel 777VR1 routers allows attackers with physical access to the device to extract sensitive information via the UART interfac...

Samsung MultiXpress multifunction printers expose sensitive configuration data including address book entries through unauthenticated APIs. This affec...

This vulnerability allows attackers to access sensitive information by predicting Google Cloud Storage bucket names used by the Agentspace service for...

This CVE describes an information disclosure vulnerability in MediaWiki where sensitive information can be exposed to unauthorized users. The vulnerab...

This CVE describes an information disclosure vulnerability in MediaWiki's User.php file that could allow attackers to access sensitive user data. The ...

Neo4j Enterprise edition is vulnerable to an information disclosure attack where authenticated users can infer property values they shouldn't have acc...

The TP-Link Tapo mobile app for iOS and Android exposes password hashes through an unauthenticated API response, allowing attackers on the same local ...

This CVE describes an information disclosure vulnerability in EDK2 BIOS firmware where an attacker with local access can potentially read sensitive in...

The Silicon Labs Simplicity Device Manager web interface exposes NTLMv2 authentication hashes to unauthenticated attackers when accessed publicly. Thi...

This vulnerability in Core Bot, an open-source Discord bot for Maple Hospital servers, allows sensitive API keys (SUPABASE_API_KEY, TOKEN) to be inadv...

ATISoluciones CIGES Application versions 2.15.6 and earlier expose sensitive information through detailed error messages when unhandled exceptions occ...

This vulnerability in Search Guard FLX allows unauthorized document access when searches are triggered from Signals watches. Document-Level Security (...

This vulnerability allows any Windows user on a system with Studio 5000 Simulation Interface to execute arbitrary code with Administrator privileges v...

This vulnerability allows unauthenticated attackers to retrieve sensitive customer information from Viday systems by making HTTP GET requests to a spe...