CWE-200: Information Exposure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
All Information Exposure CVEs (1,061)
This vulnerability in Fortinet FortiSIEM allows attackers to execute unauthorized code or commands via API requests, potentially leading to full syste... (Mar 11, 2025)
This vulnerability allows authenticated users in Zohocorp ManageEngine Analytics Plus to retrieve sensitive tokens associated with the org-admin accou... (Nov 27, 2024)
This vulnerability in Oracle Process Manufacturing Financials allows authenticated attackers with low privileges to access and modify critical data vi... (Jul 16, 2024)
This vulnerability in MESbook 20221021.03 allows a local attacker with user privileges to access unauthorized resources by manipulating API values. It... (Jul 3, 2024)
This vulnerability allows authenticated users on Azure Data Science Virtual Machines (DSVM) to elevate privileges to root/administrator level. It affe... (Jun 11, 2024)
This vulnerability allows authenticated users to capture password recovery tokens from other users via the API, enabling account takeover by resetting... (Jun 6, 2024)
A host header injection vulnerability in FullStackHero's WebAPI Boilerplate allows attackers to leak password reset tokens by manipulating the host he... (Feb 29, 2024)
This vulnerability in the miniOrange WordPress Two Factor Authentication plugin exposes sensitive information to unauthorized actors. It affects all v... (Dec 29, 2023)
CVE-2023-47619 is a critical vulnerability in Audiobookshelf where users with update permissions can read arbitrary files, delete arbitrary files, and... (Dec 13, 2023)
This vulnerability allows malicious websites to access the recovery mnemonic phrase when the Freighter Stellar wallet browser extension is unlocked. I... (Aug 25, 2023)
This vulnerability in Apache Airflow allows authenticated users with Connection edit privileges to access connection information and abuse the test co... (Aug 23, 2023)
CVE-2021-43938 allows unauthenticated attackers to access sensitive files on Elcomplus SmartPTT SCADA Server without credentials. This affects organiz... (Apr 29, 2022)
CVE-2021-43963 is a privilege escalation vulnerability in Couchbase Sync Gateway where bucket credentials are insecurely stored in sync documents. Use... (Dec 7, 2021)
This vulnerability in Nextcloud Talk allows user impersonation through username reuse, enabling unauthorized access to chat messages. Attackers who ca... (Jul 12, 2021)
This vulnerability exposes OSDP key material to unauthorized Command Centre Operators in Gallagher Command Centre Server, potentially allowing them to... (Jun 11, 2021)
Unauthenticated attackers can access sensitive database backup files containing user credentials through exposed URLs in GatesAir Maxiva transmitters'... (Feb 13, 2025)
Unauthenticated attackers can access debug log files containing session IDs and authentication tokens in GatesAir Maxiva transmitters. This allows ses... (Feb 13, 2025)
The Essential Addons for Elementor WordPress plugin exposes sensitive user information through password reset email notifications. Authenticated attac... (Nov 15, 2024)
This vulnerability in Microsoft Dynamics Business Central/NAV allows attackers to access sensitive information without proper authorization. It affect... (Feb 13, 2024)
Guzzle PHP HTTP client versions prior to 6.5.6 and 7.4.3 have a cookie domain validation vulnerability that allows malicious servers to set cookies fo... (May 25, 2022)
This vulnerability allows attackers to gain elevated system privileges by tricking a privileged user into clicking a malicious URL that compromises se... (Jan 28, 2022)
The LikeBtn WordPress plugin before version 2.6.38 lacks authorization and CSRF protection in its export function, allowing any authenticated user (ev... (Dec 13, 2021)
CVE-2021-42536 allows unauthorized users to read sensitive global variables containing peer username and password credentials. This affects systems ru... (Oct 22, 2021)
CVE-2024-37307 is a sensitive data exposure vulnerability in Cilium's cilium-bugtool debugging utility. When run with the --envoy-dump flag against de... (Jun 13, 2024)
This vulnerability in certain NETGEAR routers allows unauthorized disclosure of sensitive information. Attackers can potentially access confidential d... (Dec 26, 2021)
A local information exposure vulnerability in Technicolor CGA2121 routers allows attackers with physical or network access to extract sensitive WiFi c... (Apr 15, 2024)
This vulnerability allows any third-party app on affected Luna Simo devices to read the device's IMEI values without requiring any permissions. The IM... (Mar 11, 2022)
A local privilege escalation vulnerability in the KVM subsystem for s390 architecture in Linux kernel allows a local attacker with normal user privile... (Mar 10, 2022)
This vulnerability allows guest users on Android devices to view and modify Wi-Fi settings for all configured access points due to a permissions bypas... (Jul 14, 2021)
This vulnerability in n8n workflow automation platform allows uninitialized memory allocation via Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in... (Feb 4, 2026)
A logic bug in KubeVirt's hostDisk feature allows attackers to read and write arbitrary files owned by privileged users on the host system. This affec... (Nov 18, 2025)
Anyquery versions 0.4.3 and below expose an unauthenticated HTTP server on localhost that allows attackers with local access to access private integra... (Oct 3, 2025)
This vulnerability in Azure Virtual Machines allows an authorized attacker to access sensitive information over the network. It affects Azure VM deplo... (Aug 12, 2025)
This vulnerability allows malicious iOS/iPadOS apps to enumerate which other apps are installed on a user's device. It affects users running iOS/iPadO... (May 12, 2025)
CVE-2025-23212 is an information disclosure vulnerability in Tandoor Recipes that allows any user to enumerate and read files on the server through th... (Jan 28, 2025)
This CVE describes a privacy preference bypass vulnerability in macOS that allows applications to circumvent user-configured privacy settings. Affecte... (Jan 27, 2025)
This CVE describes an information disclosure vulnerability in Kibana where users without Fleet privileges can view Elastic Agent policies that may con... (Jan 23, 2025)
This CVE describes a memory leak vulnerability in the Linux kernel's ALSA HDA Intel SoundWire ACPI driver. The vulnerability occurs when device_get_na... (May 30, 2024)
A credentials leak vulnerability in the OpenShift Container Platform (OCP) cluster monitoring operator allows remote attackers with basic login creden... (Apr 25, 2024)
This vulnerability in Vela CI/CD framework allows pipeline authors to bypass secret masking by injecting secrets into plugin parameters, which can the... (Mar 12, 2024)
The InstaWP Connect WordPress plugin versions up to 0.1.0.9 contain a sensitive data exposure vulnerability that allows unauthorized actors to access ... (Jan 27, 2024)
This vulnerability in Red Hat OpenShift Data Science exposes S3 credentials in plain text when exporting pipelines from the Elyra notebook pipeline ed... (Oct 4, 2023)
Guzzle PHP HTTP client versions before 6.5.8 and 7.4.5 leak Authorization headers during cross-origin redirects when using the cURL handler. This expo... (Jun 27, 2022)
Gophish versions up to 0.12.1 expose users' long-lived API keys in the HTML/JavaScript of the administrative dashboard on every login. This allows any... (Feb 6, 2026)
HCL iAutomate has a sensitive data exposure vulnerability that allows unauthorized access to confidential information stored within the system. This a... (Jul 24, 2025)
Deno 1.44.0 incorrectly sends .npmrc authentication credentials to tarball URLs on different domains when a private registry provides cross-domain tar... (Jun 6, 2024)
This vulnerability exposes Kafka services on the WAN interface of Brocade SANnav management software, allowing unauthenticated attackers to perform de... (Apr 25, 2024)
CVE-2024-24757 is an information exposure vulnerability in open-irs where sensitive environment variables from the .env file were accidentally committ... (Feb 2, 2024)
A vulnerability in Gradle Build Action versions prior to 2.4.2 exposes GitHub Actions secrets when the Gradle configuration cache is enabled. Secrets ... (Apr 28, 2023)
This vulnerability allows attackers to obtain administrative credentials on affected NETGEAR routers. It affects RAX35, RAX38, and RAX40 routers runni... (Dec 26, 2021)
About Information Exposure (CWE-200)
Our database tracks 1,061 CVEs classified as CWE-200, with 91 rated critical and 386 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.
External reference: View CWE-200 on MITRE CWE →