CWE-200: Information Exposure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
All Information Exposure CVEs (1,064)
This vulnerability allows attackers to obtain administrative credentials on affected NETGEAR routers. It affects RAX35, RAX38, and RAX40 routers runni... (Dec 26, 2021)
Scraparr versions 3.0.0-beta through 3.0.1 expose Readarr API keys in Prometheus metrics when Readarr integration is enabled without an alias. This al... (Feb 12, 2026)
CVE-2024-26480 is an information disclosure vulnerability in Statping-ng v0.91.0 that allows attackers to access sensitive information through crafted... (Feb 11, 2026)
CVE-2024-26477 is an information disclosure vulnerability in Statping-ng v0.91.0 that allows attackers to access sensitive information through crafted... (Feb 11, 2026)
The Ninja Forms WordPress plugin has a vulnerability that allows unauthenticated attackers to extract sensitive post metadata from any post on the sit... (Feb 10, 2026)
The MCP Salesforce Connector prior to version 0.1.10 allows arbitrary attribute access that can lead to disclosure of Salesforce authentication tokens... (Feb 6, 2026)
This vulnerability allows unauthorized access to forum post custom fields through JSON output, bypassing access control settings. It affects EasyDiscu... (Feb 6, 2026)
This vulnerability allows unauthorized actors to access directory listings in AKCE Software Technology's SKSPro software, potentially exposing sensiti... (Feb 3, 2026)
This timing attack vulnerability in PolarLearn allows unauthenticated attackers to enumerate valid user email addresses by measuring login response ti... (Feb 2, 2026)
This vulnerability in Discourse allows attackers to obtain sensitive information about private resources through URL redirects. When users without pro... (Jan 28, 2026)
This vulnerability in continuous.software aangine v.2025.2 allows remote attackers to access sensitive information through multiple service endpoints.... (Jan 26, 2026)
An unauthenticated information disclosure vulnerability in the Aptsys gemscms backend platform exposes cashier account details including MD5-hashed pa... (Jan 23, 2026)
This vulnerability in ALGO 8180 IP Audio Alerter devices allows remote attackers to obtain authentication cookies from the web UI response body withou... (Jan 23, 2026)
This vulnerability in Apache Airflow exposes sensitive values like passwords and API keys in cleartext in the Rendered Templates UI when template fiel... (Jan 16, 2026)
This vulnerability allows unauthenticated attackers to retrieve plaintext passwords for all users, including administrators, via exposed APIs in BLUVO... (Jan 14, 2026)
A vulnerability in HPE Instant On Access Points router mode configuration exposes internal network configuration details through packet inspection. Ma... (Jan 13, 2026)
This vulnerability allows unauthenticated remote attackers to retrieve sensitive information from Senstar Symphony installations via the FetchStoredLi... (Dec 23, 2025)
This vulnerability allows unauthorized attackers to access sensitive information through insecure permissions in the GT Edge AI Platform's /api/v1/age... (Dec 22, 2025)
In Delphix Continuous Compliance 2025.3.0+, incorrect End-of-Record (EOR) configuration for delimited files can cause parsing errors that leave person... (Dec 20, 2025)
A FaceTime remote control vulnerability allows password fields to be unintentionally revealed during screen sharing sessions. This affects users of Ap... (Dec 12, 2025)
This CVE describes a Spectre-style speculative execution vulnerability in XiangShan RISC-V processors that allows attackers to extract sensitive infor... (Dec 10, 2025)
A directory traversal vulnerability in ComposioHQ v0.7.20 allows remote attackers to access sensitive files outside the intended directory via the _do... (Dec 4, 2025)
This vulnerability allows unauthenticated attackers to determine valid usernames in TCMAN GIM v11 systems by exploiting a user enumeration flaw in the... (Dec 2, 2025)
This vulnerability allows unauthenticated attackers to determine valid usernames in TCMAN GIM v11 systems by exploiting a user enumeration flaw in the... (Dec 2, 2025)
An unauthenticated information disclosure vulnerability in GroceryMart's users.json file exposes plaintext credentials. Attackers can access usernames... (Nov 26, 2025)
The OneClick Chat to Order WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to access sens... (Nov 22, 2025)
This vulnerability allows unauthenticated attackers to retrieve admin credentials and system settings from ELCA Star Transmitter Remote Control device... (Nov 19, 2025)
This vulnerability allows attackers to retrieve sensitive information including administrator passwords via the /probe/core/setup/passwd endpoint in b... (Nov 19, 2025)
This vulnerability allows remote unauthenticated attackers to access a web-accessible database backup file containing the complete database schema and... (Nov 14, 2025)
This vulnerability in Desktop Alert PingAlert exposes sensitive information to unauthorized actors. It affects users running Application Server versio... (Nov 14, 2025)
This vulnerability in the File Manager for Google Drive WordPress plugin exposes sensitive Google OAuth credentials and account email addresses to una... (Nov 5, 2025)
This vulnerability in BESSystem BES Application Server allows unauthorized attackers to access sensitive information through improper configuration of... (Oct 28, 2025)
This vulnerability allows unauthorized disclosure of email passwords in BLU-IC2 and BLU-IC4 devices. Attackers can potentially access sensitive email ... (Oct 27, 2025)
This vulnerability in CBK Soft's enVision software allows attackers to perform account footprinting by exploiting observable discrepancies that expose... (Oct 24, 2025)
This vulnerability in Oracle Java's JAXP component allows unauthenticated attackers to access sensitive data via network protocols. It affects multipl... (Oct 21, 2025)
This vulnerability in AutoBizLine's com.mysecondline.app allows attackers to bypass authentication and log in as other users, gaining unauthorized acc... (Oct 21, 2025)
CVE-2025-61665 is a broken access control vulnerability in WeGIA, an open-source web manager for charitable institutions. Unauthenticated attackers ca... (Oct 2, 2025)
YOSHOP 2.0 exposes sensitive user information through unauthenticated API endpoints. Attackers can retrieve bcrypt password hashes, mobile numbers, an... (Oct 2, 2025)
CVE-2025-45994 is an information disclosure vulnerability in Aranda PassRecovery v1.0 that allows attackers to enumerate valid Active Directory user a... (Sep 26, 2025)
This vulnerability in Firefox for Android's Privacy component allows attackers to bypass privacy protections and access sensitive information that sho... (Sep 16, 2025)
Hoverfly versions 1.11.3 and prior have an authentication bypass vulnerability in the admin WebSocket endpoint /api/v2/ws/logs. Unauthenticated attack... (Sep 10, 2025)
The Xagio SEO plugin for WordPress versions up to 7.1.0.5 exposes sensitive data through its backup functionality due to weak filename structure and l... (Aug 28, 2025)
Mahara's experimental HTML bulk export feature fails to clear cached images between user exports, allowing users who receive exported files to potenti... (Aug 25, 2025)
This vulnerability in Microsoft Exchange Server allows unauthorized attackers to access sensitive information over the network. Attackers can exploit ... (Aug 12, 2025)
This vulnerability in Emsisoft Anti-Malware allows remote attackers to steal Net-NTLMv2 hashes by tricking users into scanning specially crafted A2S f... (Aug 5, 2025)
This vulnerability in Perplexity AI GPT-4 version 2.51.0 allows attackers to extract sensitive information from shared chat URLs by exploiting the tok... (Jul 18, 2025)
The Total Upkeep WordPress backup plugin exposes sensitive information through publicly accessible files (env-info.php and restore-info.json), allowin... (Jul 12, 2025)
Discourse users on vulnerable versions can continue to view their own 'whisper' posts even after being removed from groups with whisper permissions. T... (Jun 25, 2025)
This vulnerability in Versa Director SD-WAN orchestration platform exposes the websockify service on port 6080 by default, allowing internet access to... (Jun 19, 2025)
An absolute path disclosure vulnerability in DM Corporative CMS allows attackers to view webroot file contents by accessing non-existent files. This e... (Jun 10, 2025)

About Information Exposure (CWE-200)
Our database tracks 1,064 CVEs classified as CWE-200, with 91 rated critical and 389 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.
External reference: View CWE-200 on MITRE CWE →