CWE-200: Information Exposure

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Total CVEs: 1,064
Critical: 91
High: 389
Avg CVSS: 6.5
In CISA KEV: 2

Yearly Trend

2026: 132
2025: 470
2024: 275
2023: 92
2022: 41

Top Affected Vendors

1. Apple: 81
2. Microsoft: 46
3. Huawei: 34
4. Apache: 25
5. Oracle: 19
6. Google: 15
7. Debian: 12
8. Splunk: 9
9. Mozilla: 9
10. Netgear: 8

All Information Exposure CVEs (1,064)

CVE-2024-13613
7.5

The Wise Chat WordPress plugin exposes sensitive information through insecure file storage in the uploads directory. Unauthenticated attackers can acc...

May 17, 2025
CVE-2025-26864
7.5

Apache IoTDB's OpenIdAuthorizer component logs sensitive authentication information, potentially exposing credentials or tokens to unauthorized actors...

May 14, 2025
CVE-2025-32044
7.5

CVE-2025-32044 is an information disclosure vulnerability in Moodle where unauthenticated attackers can retrieve sensitive user data including names, ...

Apr 25, 2025
CVE-2025-23174
7.5

CVE-2025-23174 is an information disclosure vulnerability that allows unauthorized actors to access sensitive data. This affects systems with improper...

Apr 21, 2025
CVE-2025-28235
7.5

This vulnerability allows attackers to retrieve administrator credentials in plaintext from Soundcraft Ui Series digital mixers via the /socket.io/1/w...

Apr 18, 2025
CVE-2025-30724
7.5

An unauthenticated vulnerability in Oracle BI Publisher's XML Services allows remote attackers to access sensitive data via HTTP. This affects Oracle ...

Apr 15, 2025
CVE-2025-29805
7.5

CVE-2025-29805 is an information disclosure vulnerability in Outlook for Android that allows unauthorized attackers to access sensitive information ov...

Apr 8, 2025
CVE-2024-13604
7.5

This vulnerability allows unauthenticated attackers to access sensitive files stored in the /wp-content/uploads/kbs directory of WordPress sites using...

Apr 5, 2025
CVE-2024-13567
7.5

This vulnerability allows unauthenticated attackers to access sensitive files stored in the Awesome Support WordPress plugin's upload directory. All W...

Apr 1, 2025
CVE-2025-30214
7.5

This vulnerability in Frappe framework allows attackers to make crafted requests that disclose sensitive information, potentially leading to account t...

Mar 25, 2025
CVE-2025-2277
7.5

This vulnerability in Devolutions Server exposes SSH passwords in the web-based authentication component due to missing password masking. An authentic...

Mar 13, 2025
CVE-2025-25975
7.5

A vulnerability in parse-git-config v3.0.0 allows attackers to read sensitive information from git configuration files through improper handling in th...

Mar 12, 2025
CVE-2025-26167
7.5

CVE-2025-26167 is an arbitrary file read vulnerability in Buffalo LS520D NAS devices running firmware version 4.53. Unauthenticated attackers can expl...

Mar 6, 2025
CVE-2024-13568
7.5

The Fluent Support WordPress plugin exposes sensitive ticket attachments to unauthenticated attackers through insecure directory access. All WordPress...

Mar 1, 2025
CVE-2025-25729
7.5

This vulnerability allows attackers to extract hardcoded cleartext credentials from Bosscomm IF740 OBD2 tablets during the update or boot process. Aff...

Feb 28, 2025
CVE-2025-25333
7.5

This vulnerability in IKEA CN iOS app version 4.13.0 allows attackers to access sensitive user information by tricking users into clicking a specially...

Feb 27, 2025
CVE-2025-22973
7.5

This vulnerability in QiboSoft QiboCMS X1.0 allows remote attackers to retrieve sensitive information by exploiting the http_curl() function in the co...

Feb 20, 2025
CVE-2024-57716
7.5

CVE-2024-57716 is an information disclosure vulnerability in trenoncourt AutoQueryable v1.7.0 that allows remote attackers to access sensitive data th...

Feb 20, 2025
CVE-2024-13622
7.5

The File Uploads Addon for WooCommerce WordPress plugin exposes sensitive customer data through insecure directory permissions. Unauthenticated attack...

Feb 18, 2025
CVE-2025-25281
7.5

This vulnerability allows attackers to manipulate URLs to access sensitive network information through improper exposure of data. It affects systems r...

Feb 13, 2025
CVE-2024-13606
7.5

The JS Help Desk WordPress plugin exposes sensitive support ticket attachments to unauthenticated attackers through an insecure directory. All WordPre...

Feb 13, 2025
CVE-2024-51123
7.5

This vulnerability in Zertificon Z1 SecureMail Gateway allows remote attackers to access sensitive information through the /compose-pdf.xhtml endpoint...

Feb 12, 2025
CVE-2024-13600
7.5

This vulnerability allows unauthenticated attackers to access sensitive file attachments from WordPress support tickets stored in an insecure director...

Feb 12, 2025
CVE-2025-0525
7.5

This vulnerability in Octopus Server allows attackers to use the preview import feature to determine whether specific files exist on the target system...

Feb 11, 2025
CVE-2025-22918
7.5

Polycom RealPresence Group 500 video conferencing systems running firmware version 20 or earlier have insecure permissions that automatically load coo...

Feb 3, 2025
CVE-2025-24899
7.5

This vulnerability in reNgine allows any authenticated user (including those with low-privilege roles like Auditor) to extract sensitive information a...

Feb 3, 2025
CVE-2024-56902
EPSS 20.8% 7.5

This vulnerability in Geovision GV-ASManager web application versions v6.1.0.0 and earlier allows attackers to access account information including cl...

Feb 3, 2025
CVE-2024-34897
7.5

The Nedis SmartLife Android app v1.4.0 contains an API key disclosure vulnerability that allows attackers to extract sensitive API keys from the appli...

Feb 3, 2025
CVE-2024-48310
7.5

AutoLib Software Systems OPAC v20.10 contains hardcoded API keys in its source code, allowing attackers to access backend APIs and potentially sensiti...

Jan 28, 2025
CVE-2024-13562
7.5

The Import WP plugin for WordPress exposes sensitive data stored in the uploads directory to unauthenticated attackers. This vulnerability affects all...

Jan 25, 2025
CVE-2024-49734
7.5

This vulnerability allows a Wi-Fi access point to determine what websites a device is visiting through VPN connections by analyzing side channel infor...

Jan 21, 2025
CVE-2024-48125
7.5

This vulnerability in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials by sending specially crafted ...

Jan 15, 2025
CVE-2025-21620
7.5

Deno's fetch() redirect handling leaks Authorization headers to unintended domains when following cross-domain redirects. This allows sensitive authen...

Jan 6, 2025
CVE-2024-53991
7.5

This vulnerability allows attackers to download Discourse backup files through nginx misconfiguration when using local storage. Only Discourse instanc...

Dec 19, 2024
CVE-2024-54151
7.5

This vulnerability in Directus allows unauthenticated users to perform any CRUD operations or subscribe to data changes with full admin privileges whe...

Dec 9, 2024
CVE-2024-53862
7.5

This vulnerability in Argo Workflows allows attackers to retrieve archived workflows without proper authentication. When using client or SSO authentic...

Dec 2, 2024
CVE-2024-38647
7.5

This CVE describes an information exposure vulnerability in QNAP AI Core that could allow remote attackers to access sensitive system information. The...

Nov 22, 2024
CVE-2024-43416
7.5

This vulnerability allows unauthenticated attackers to determine whether specific email addresses correspond to valid GLPI user accounts. It affects G...

Nov 18, 2024
CVE-2024-45791
7.5

Apache HertzBeat versions before 1.6.1 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive information...

Nov 18, 2024
CVE-2024-47915
7.5

CVE-2024-47915 in VaeMendis software exposes sensitive information to unauthorized actors, allowing attackers to access confidential data without auth...

Nov 14, 2024
CVE-2024-6861
7.5

This vulnerability in Foreman's GraphQL API allows attackers to retrieve sensitive admin authentication keys when introspection is enabled. This could...

Nov 6, 2024
CVE-2024-51739
7.5

CVE-2024-51739 is an information disclosure vulnerability in Combodo iTop that allows unauthenticated attackers to enumerate valid user accounts via t...

Nov 5, 2024
CVE-2024-49357
7.5

ZimaOS versions 1.2.4 and earlier expose sensitive system and application data through unauthenticated API endpoints. Attackers can access detailed in...

Oct 24, 2024
CVE-2024-48789
7.5

A vulnerability in INATRONIC DriveDeck Home firmware update process allows remote attackers to access sensitive information. This affects users of the...

Oct 14, 2024
CVE-2024-48796
7.5

This vulnerability in EQUES com.eques.plug firmware allows remote attackers to access sensitive information during the firmware update process. Attack...

Oct 14, 2024
CVE-2024-48798
7.5

This vulnerability in Hubble Connected's Vervelife app allows remote attackers to access sensitive information through the firmware update process. At...

Oct 14, 2024
CVE-2024-46471
7.5

This vulnerability allows unauthenticated directory listing of the /uploads/ folder in CodeAstro Membership Management System 1.0, exposing file struc...

Sep 27, 2024
CVE-2024-47197
7.5

The Maven Archetype Plugin versions 3.2.1 through 3.2.x expose sensitive credentials by copying the user's settings.xml file into test artifacts. This...

Sep 26, 2024
CVE-2024-44152
7.5

This macOS vulnerability allows applications to access sensitive user data from system logs that should have been redacted. It affects macOS systems b...

Sep 17, 2024
CVE-2024-8777
7.5

OMFLOW from The SYSCOM Group has an information leakage vulnerability that allows unauthorized remote attackers to read arbitrary system configuration...

Sep 16, 2024

About Information Exposure (CWE-200)

Our database tracks 1,064 CVEs classified as CWE-200, with 91 rated critical and 389 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.

External reference: CWE-200 on MITRE CWE