CWE-200: Information Exposure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
All Information Exposure CVEs (1,064)
An unauthenticated attacker can read arbitrary files on Sitecore Experience Platform, Experience Manager, and Experience Commerce systems. This vulner...
Sep 15, 2024

This vulnerability in Pgpool-II allows unauthorized database users to access cached query results containing sensitive table data they shouldn't have ...
Sep 12, 2024

CVE-2024-45388 is a path traversal vulnerability in Hoverfly's simulation API that allows attackers to read arbitrary files from the server filesystem...
Sep 2, 2024

Keyfactor AWS Orchestrator through version 2.0 contains an information disclosure vulnerability that allows unauthorized access to sensitive data. Thi...
Aug 20, 2024

This CVE describes an information exposure vulnerability in Barix products where sensitive information is accessible to unauthorized actors. Attackers...
Aug 20, 2024

CVE-2024-27120 is a Local File Inclusion vulnerability in ComfortKey software from Celsius Benelux that allows unauthenticated attackers to read sensi...
Aug 14, 2024

This vulnerability in the WordPress 'Import and export users and customers' plugin allows unauthorized actors to access sensitive information through ...
Aug 13, 2024

This vulnerability in Roundcube webmail allows remote attackers to exfiltrate sensitive information from rendered email messages due to insufficient C...
Aug 5, 2024

The Zephyr Project Manager WordPress plugin versions up to 3.3.99 contain a vulnerability that exposes sensitive information via export files. This al...
Aug 1, 2024

An access control vulnerability in Tmall_demo v2024.07.03 allows attackers to bypass authentication mechanisms and access sensitive information. This ...
Jul 15, 2024

CVE-2024-37110 is an unauthenticated information disclosure vulnerability in the WordPress WishList Member X plugin. It allows attackers without crede...
Jul 10, 2024

This vulnerability in Siemens RUGGEDCOM industrial networking devices allows low-privileged authenticated users to access password hashes and salts fo...
Jul 9, 2024

The CheckUser extension for MediaWiki fails to respect the log_deleted attribute, allowing unauthorized users to view suppressed log information. This...
Jul 7, 2024

This vulnerability in Teldat M1 routers allows attackers to bypass access controls and retrieve sensitive information by manipulating query strings. I...
Jun 26, 2024

Dell ThinOS 2402's Telemetry Dashboard v1.0.0.8 contains a sensitive information disclosure vulnerability. An unauthenticated attacker with local acce...
Jun 13, 2024

CVE-2024-35178 allows unauthenticated attackers to leak NTLMv2 password hashes from Windows users running vulnerable Jupyter Server instances. This af...
Jun 6, 2024

This vulnerability in linqi Windows versions before 1.4.0.1 allows attackers to leak NTLM hashes through specific API endpoints. Attackers can potenti...
May 14, 2024

The Scribit GDPR Compliance WordPress plugin versions up to 1.2.5 contain a sensitive data exposure vulnerability that allows unauthorized actors to a...
May 6, 2024

This vulnerability allows remote attackers to bypass authentication on LG Simple Editor installations by exploiting a flaw in the getServerSetting met...
May 3, 2024

CVE-2024-33437 is a vulnerability in CSS Exfil Protection v1.1.0 that allows remote attackers to exfiltrate sensitive information due to incomplete CS...
Apr 30, 2024

This vulnerability in TVS Connect mobile apps allows remote attackers to access sensitive information through an insecure API endpoint. It affects And...
Apr 30, 2024

This vulnerability in the PickPlugins Post Grid WordPress plugin exposes sensitive information through an API endpoint to unauthorized actors. It affe...
Apr 24, 2024

This vulnerability in ThemeHigh's Email Customizer for WooCommerce WordPress plugin exposes sensitive information to unauthorized actors. It affects a...
Apr 24, 2024

This CVE describes a sensitive data exposure vulnerability in the WordPress Frontend Dashboard plugin by vinoth06. The vulnerability allows unauthoriz...
Apr 24, 2024

This vulnerability in Oracle Trade Management allows unauthenticated attackers to access sensitive data via HTTP. It affects Oracle E-Business Suite v...
Apr 16, 2024

This vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle Trade Management, potentially gaining unauthoriz...
Apr 16, 2024

This vulnerability allows unauthenticated attackers to access sensitive user and post data in the Citadela Listing WordPress plugin. It affects all Wo...
Apr 16, 2024

The Evolution Controller web interface contains an access control vulnerability in the MOBILE_GET_USERS_LIST endpoint that allows unauthenticated atta...
Apr 15, 2024

The Evolution Controller web interface has an access control vulnerability in the DESKTOP_EDIT_USER_GET_CARD endpoint that allows unauthenticated atta...
Apr 15, 2024

The Evolution Controller web interface contains an access control vulnerability in the DESKTOP_EDIT_USER_GET_KEYS_FIELDS endpoint that allows unauthen...
Apr 15, 2024

This vulnerability in ZKTeco BioTime allows remote attackers to access sensitive information without authentication. It affects BioTime versions 8.5.4...
Apr 11, 2024

This vulnerability in TOTOLINK EX200 routers allows attackers to access sensitive system configuration information without authentication through the ...
Apr 8, 2024

This CVE describes an input verification vulnerability in the call module that could allow unauthorized access to sensitive information. The vulnerabi...
Apr 8, 2024

This vulnerability in Unisoc chipsets allows remote attackers to intercept sensitive information before security activation during cellular network co...
Apr 8, 2024

This vulnerability allows unauthenticated attackers to access sensitive information from Netgear R6850 routers via the BRS_top.html component. It affe...
Apr 3, 2024

This vulnerability allows remote attackers to enumerate valid user accounts on WyreStorm Apollo VX20 devices by observing TELNET service behavior. The...
Mar 27, 2024

An information exposure vulnerability in Meta4 HR allows unauthenticated attackers to access sensitive system information via a specific JSP endpoint....
Mar 19, 2024

This vulnerability in OpenClinic GA allows attackers to determine whether specific appointments exist by manipulating the AppointmentUid parameter in ...
Mar 19, 2024

This vulnerability allows unauthenticated attackers to access sensitive information from Netgear CBR40, CBK40, and CBK43 routers via the currentsettin...
Mar 12, 2024

CVE-2024-24765 is a path traversal vulnerability in CasaOS-UserService that allows unauthorized file access due to insufficient URL filtering for avat...
Mar 6, 2024

This vulnerability allows attackers to download files including logs from affected GL-iNet devices via commands, potentially exposing sensitive user i...
Feb 27, 2024

This vulnerability in the Ecomiz Survey TMA module for PrestaShop allows unauthenticated guests to download personal information without authorization...
Feb 23, 2024

This CVE exposes Discord account access tokens in the config.json file of kedi ElectronCord, a Discord bot management tool. Attackers who obtain these...
Feb 20, 2024

This vulnerability allows attackers to bypass foreground service restrictions in Huawei's NMS module, potentially exposing sensitive service informati...
Feb 18, 2024

A memory leak vulnerability exists in Wind River VxWorks 7 when tasks or POSIX threads using OpenSSL exit without freeing allocated memory. This affec...
Feb 15, 2024

This vulnerability in Apache Solr allows attackers to steal ZooKeeper credentials and ACLs by tricking Solr into sending them to a malicious server. A...
Feb 9, 2024

The Mailjet module for PrestaShop before version 3.5.1 contains an information disclosure vulnerability that allows unauthenticated guests to download...
Feb 7, 2024

CVE-2024-22154 is an unauthenticated sensitive data exposure vulnerability in the SalesKing WordPress plugin. It allows attackers without authenticati...
Jan 24, 2024

This CVE describes an out-of-bounds access vulnerability in Huawei/HarmonyOS device authentication modules that could allow unauthorized access to sen...
Jan 16, 2024

This vulnerability allows unauthenticated attackers to access sensitive information, including personally identifiable information (PII) and coupon da...
Jan 8, 2024

About Information Exposure (CWE-200)
Our database tracks 1,064 CVEs classified as CWE-200, with 91 rated critical and 389 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.