CWE-200: Information Exposure

This vulnerability in the Ninja Forms WordPress plugin allows low-privileged users (like subscribers) to install and activate the SendWP plugin withou...

This vulnerability in the Entropy Derby betting engine allows bettors to bypass the time-delay encryption system by pre-computing VDF outputs. The bet...

This vulnerability in z80pack's GitHub Actions workflow exposes the repository's GITHUB_TOKEN in publicly accessible build artifacts. Attackers who do...

The MoneySpace WordPress plugin exposes full payment card details including CVV codes to unauthenticated attackers. Any WordPress site using MoneySpac...

This vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows unauthenticated attackers with network access via HTTP t...

Omni, a Kubernetes management platform, has an API vulnerability that can leak sensitive information. This affects all deployments using Omni versions...

This vulnerability allows DNS requests to bypass SOCKS proxy configurations when Multi-Account Containers is enabled and either the domain name is inv...

This vulnerability in Directus exposes sensitive data including environmental variables, API keys, and user information when a Flow with a Webhook tri...

This CVE describes an information exposure vulnerability in Schneider Electric products where unauthorized actors can access restricted web pages, mod...

The TeploBot WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to retrieve the Telegram Bot Token. This...

An unauthenticated attacker can exploit this vulnerability in Oracle Retail Xstore Office via HTTP to access sensitive data. This affects versions 19....

CVE-2021-23855 exposes user credentials through an unprotected web server resource in affected Bosch products. Attackers can retrieve weakly hashed pa...

This vulnerability allows unauthenticated attackers to access sensitive configuration data including user credentials and device information through u...

CVE-2021-32820 is a file disclosure vulnerability in express-handlebars where the layout parameter can be manipulated to read arbitrary files with exi...

This vulnerability in Weave GitOps Terraform Controller allows authenticated remote attackers to view sensitive information like configurations and to...

This vulnerability allows attackers to exploit JavaScript pre-processing in Zabbix Server or Proxy to gain read-only file system access under the 'zab...

This vulnerability in SAP BusinessObjects Business Intelligence platform allows authenticated attackers to access sensitive information that should be...

The Intelbras IWR 3000N router firmware version 1.9.8 exposes Wi-Fi passwords in plaintext through an unauthenticated API endpoint. Any attacker on th...

CVE-2017-18306 is an information disclosure vulnerability in Qualcomm components that allows attackers to read uninitialized memory due to improper va...

This vulnerability allows a network-adjacent attacker with root access to a Test Agent Appliance to access sensitive information about downstream devi...

CVE-2023-4164 is an information disclosure vulnerability in Pixel Watch health data components where missing permission checks allow unauthorized acce...

This CVE describes a misconfiguration in Tauri applications using Vite that can leak private signing keys and passwords into bundled frontend code. At...

CVE-2025-26604 is a critical vulnerability in Discord-Bot-Framework-Kernel that allows arbitrary code execution through user-submitted modules, potent...

Contao CMS versions 4.9.0 through 4.13.39 and 5.0.0 through 5.3.3 inadvertently send session cookies to external URLs when checking for broken links o...

This vulnerability in the Responsive Menu WordPress plugin allows attackers to leak nonce tokens, which can then be used to perform unauthorized actio...

CVE-2021-36198 is an information disclosure vulnerability in Johnson Controls Metasys products that allows unauthorized users to access sensitive data...

This vulnerability in Azure Functions allows unauthorized access to sensitive information such as environment variables, configuration files, or appli...

This vulnerability in Beyaz Bilgisayar CityPLus software allows unauthorized actors to detect unpublicized web pages, exposing sensitive system inform...

Autocaliweb versions before 0.8.3 expose sensitive configuration data including API keys in debug packs. The to_dict() method fails to filter sensitiv...

The umatiGateway software exposes its web interface publicly by default in Docker deployments, allowing unauthorized users to view and modify configur...

This vulnerability allows attackers with valid certificates to craft malicious DDS Participants or ROS 2 Nodes that can compromise secure DDS databus ...

This vulnerability allows attackers with valid certificates to create malicious DDS Participants or ROS 2 Nodes that can compromise and gain full cont...

This vulnerability allows attackers with valid certificates to craft malicious DDS Participants or ROS 2 Nodes that can compromise secure DDS databus ...

This vulnerability in Nextcloud Mail allows email account setup details to be sent to attacker-controlled servers when auto-configuration fails. Attac...

CVE-2024-6506 is an information exposure vulnerability in the MRW plugin version 5.4.3 that allows remote attackers to access other customers' order i...

This vulnerability in Section Camera software allows unauthorized attackers to change administrator and user account passwords without proper authenti...

This vulnerability affects Brocade SANnav management software versions before v2.3.1 and v2.3.0a. It allows unauthenticated remote attackers to detect...

This vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management allows unauthenticated attackers with network access via HTTP to acc...

CVE-2023-39736 is an information disclosure vulnerability in Fukunaga_memberscard Line 13.6.1 that leaks client secrets, allowing attackers to obtain ...

This vulnerability in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the client secret, which can then be used to steal the channel acces...

An unauthenticated information exposure vulnerability in IBERMATICA RPS 2019 allows attackers to access sensitive data by triggering logging through a...

CVE-2022-47554 allows unauthenticated remote attackers to access sensitive XML files containing credentials and other critical information in ekorCCP ...

Parse Server LiveQuery improperly exposes protected fields to clients, allowing unauthorized access to sensitive data. This affects all Parse Server d...

This vulnerability in Delta Electronics DVP-12SE11T PLC allows attackers to bypass authentication by obtaining partial password information through im...

This vulnerability allows apps to bypass entitlement checks and fingerprint users on Apple devices. It affects visionOS, tvOS, iOS, iPadOS, and watchO...

This vulnerability in Oracle Product Hub allows authenticated attackers with low privileges to perform unauthorized data manipulation and access via H...

The Harmony SASE agent may expose sensitive log files uploaded during troubleshooting to unauthorized parties. This information disclosure vulnerabili...

A vulnerability in Aver PTC310UV2 firmware allows remote attackers to retrieve sensitive information through specially crafted requests. This affects ...

This vulnerability allows search terms to persist in the URL bar after navigating away from search pages, potentially exposing sensitive search querie...

This vulnerability in Apache CloudStack allows project members with access to CKS-based Kubernetes clusters to steal the API and secret keys of the cl...