CWE-200: Information Exposure

This vulnerability in Apache OFBiz allows unauthenticated attackers to read arbitrary file properties via unauthorized URI calls, potentially exposing...

This vulnerability allows unauthorized actors to access sensitive information from resume files uploaded through the JobWP WordPress plugin. It affect...

This vulnerability in the ProfilePress WordPress plugin exposes sensitive information via debug logs to unauthorized actors. It affects all WordPress ...

This vulnerability in the WordPress Post Grid Combo plugin allows unauthorized actors to access sensitive information. It affects all WordPress sites ...

Apache DolphinScheduler versions before 3.2.1 expose sensitive information to unauthorized actors through improper log handling. This vulnerability al...

This vulnerability in Label Studio allows attackers to exploit insecure filter chains to leak sensitive user data character by character through Djang...

CVE-2023-45875 is a private key leak vulnerability in Couchbase Server 7.2.0 where sensitive cryptographic keys are exposed in debug.log files when ad...

This vulnerability in Huawei's remote PIN module involves incorrect information storage locations that could expose sensitive data. It affects Huawei ...

This CVE describes a missing encryption vulnerability in Huawei's card management module that could allow unauthorized access to sensitive card data. ...

This vulnerability in Best Practical Request Tracker (RT) allows attackers to access sensitive information through the transaction search feature in t...

This vulnerability in Best Practical Request Tracker (RT) exposes sensitive information through responses to mail-gateway REST API calls. Attackers ca...

CVE-2023-39057 is an information disclosure vulnerability in hirochanKAKIwaiting v13.6.1 that allows attackers to leak the channel access token. This ...

CVE-2023-39047 is an information disclosure vulnerability in shouzu sweets oz v13.6.1 that allows attackers to obtain channel access tokens. This enab...

CVE-2023-39050 is an information disclosure vulnerability in Daiky-value.Fukueten v13.6.1 that allows attackers to obtain channel access tokens. This ...

CVE-2023-39053 is an information disclosure vulnerability in Hattoriya v13.6.1 that allows attackers to leak the channel access token. This enables un...

This vulnerability in Ocomon's users-grid-data.php component allows attackers to access sensitive user information including emails and usernames with...

CVE-2023-38846 is an information disclosure vulnerability in Marbre Lapin Line v.13.6.1 that allows remote attackers to access sensitive information t...

EisBaer Scada systems expose sensitive information to unauthorized actors, allowing attackers to access confidential data without authentication. This...

This vulnerability in the Infinite Image Browsing extension for Stable Diffusion web UI allows remote attackers to read any local file on the server w...

This vulnerability in Oracle HTTP Server allows unauthenticated attackers with network access via HTTP to access sensitive data. It affects Oracle Fus...

Apache Traffic Server versions 8.0.0-8.1.8 and 9.0.0-9.2.2 expose sensitive information to unauthorized actors. This CWE-200 vulnerability allows atta...

Discourse chat messages can be read by unauthenticated attackers via a POST request to MessageBus, exposing private conversations. This affects all Di...

This vulnerability in Huawei's security module fails to verify package names' public keys, allowing attackers to potentially install malicious package...

Drupal's JSON:API module can expose sensitive error backtraces that may be cached and accessible to anonymous users. This information disclosure vulne...

This vulnerability allows unauthenticated attackers to access PHP configuration information via the send.php file in affected Prestashop modules. It e...

This vulnerability in TDSQL Chitu management platform allows remote attackers to access sensitive database information through an unsecured function i...

This vulnerability in the GitHub repository hamza417/inure exposes sensitive information to unauthorized actors. It affects users of this repository p...

This vulnerability in Acronis Agent and Cyber Protect for Windows allows attackers to access sensitive system information through excessive data colle...

This vulnerability in Mitel MiVoice Connect's Connect Mobility Router allows unauthenticated attackers to conduct account enumeration attacks due to i...

Cloud Explorer Lite versions before 1.4.0 contain an information disclosure vulnerability in user information acquisition functionality. This allows a...

CVE-2023-25913 is an authentication flaw that allows attackers to generate web reports containing sensitive information like internal IP addresses, us...

CVE-2023-40735 is an information disclosure vulnerability in the Cavo BUTTERFLY BUTTON architecture that exposes sensitive information to unauthorized...

This vulnerability involves insecure signature verification in Huawei's ServiceWifiResources module, allowing attackers to maliciously modify and over...

This vulnerability in TeamPass (a password manager) allows unauthorized actors to access sensitive information stored in the application. It affects a...

This CVE-2022-48514 vulnerability in the Sepolicy module allows inappropriate permission control on Netlink usage, potentially enabling unauthorized a...

This vulnerability in Huawei's DSoftBus module allows third-party apps to obtain unique values, potentially exposing sensitive information. It affects...

CVE-2022-48519 is an unauthorized access vulnerability in Huawei's SystemUI module that allows attackers to bypass intended access restrictions. This ...

A format string vulnerability exists in Huawei's distributed file system that could allow attackers to crash the program. This affects Huawei devices ...

Apache Traffic Server versions 8.0.0 through 9.2.0 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive...

Apache Traffic Server versions 8.0.0 through 9.2.0 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive...

This vulnerability allows anonymous users to enumerate all user accounts managed by the Mobatime mobile application. This information disclosure could...

This vulnerability allows unauthenticated attackers to access the config.json file in ChuanhuChatGPT deployments without authentication configured. Th...

OpenProject's robots.txt file publicly exposes project identifiers even when the entire instance is configured to require login. This information disc...

CVE-2023-31185 is a misconfiguration vulnerability in ROZCOM server framework that allows attackers to disclose sensitive information through unspecif...

This vulnerability in SAP GUI for Windows allows attackers to steal NTLM authentication credentials by tricking users into clicking malicious shortcut...

This vulnerability in Ghost CMS allows attackers to brute-force filter parameters on public API endpoints to reveal private fields like passwords and ...

CVE-2022-48346 is a logic bypass vulnerability in Huawei's HwContacts module that could allow unauthorized access to contact information. This affects...

This CVE describes an information disclosure vulnerability in the Android kernel that could allow local attackers to access sensitive information with...

MinIO distributed deployments expose all environment variables including sensitive credentials like MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD through a...

This vulnerability allows unauthenticated attackers to access Prometheus metrics from publicly exposed Miniflux instances with metrics collection enab...