CWE-200: Information Exposure
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
All Information Exposure CVEs (1,064)
This vulnerability allows attackers to execute NuttX commands on Yuneec Mantis Q drones and PX4-Autopilot systems, potentially exposing sensitive info...
Mar 9, 2023

This vulnerability in XWiki Platform allows attackers to deduce password field contents through repeated calls to LiveTableResults and WikisLiveTableR...
Mar 2, 2023

Dell NetWorker versions 19.5 and earlier expose Apache Tomcat version information, allowing attackers to fingerprint the software. This vulnerability ...
Mar 1, 2023

This CVE describes an information exposure vulnerability in RosarioSIS, an open-source student information system. The vulnerability allows unauthoriz...
Feb 24, 2023

This vulnerability allows local users to access sensitive information due to insecure folder permissions in Acronis products on Windows. It affects Ac...
Feb 13, 2023

Slack Morphism Rust library versions before 0.41.0 could leak Slack OAuth client secrets in debug logs. This exposes authentication credentials that c...
Jul 22, 2022

This vulnerability in WAVLINK AERIAL X 1200M routers allows attackers to execute commands via the live_mfg.shtml page, exposing sensitive router infor...
Jun 14, 2022

Couchbase Server versions 5.x through 7.x before 7.0.4 expose sensitive information to unauthorized actors. This information disclosure vulnerability ...
Jun 13, 2022

This vulnerability in npm causes workspace operations to ignore .gitignore and .npmignore exclusion rules, potentially exposing sensitive files. Anyon...
Jun 13, 2022

Guzzle HTTP client versions before 6.5.7 and 7.4.4 expose sensitive cookie information during HTTP redirects. When a request to an HTTPS server redire...
Jun 10, 2022

This vulnerability in Solar-Log monitoring systems allows remote attackers to access sensitive information without authentication. It affects Solar-Lo...
Jun 9, 2022

CVE-2022-30556 is a buffer overflow vulnerability in Apache HTTP Server's r:wsread() function that can cause memory corruption. It affects Apache HTTP...
Jun 9, 2022

CVE-2021-42886 allows unauthenticated attackers to download the apmib configuration file from TOTOLINK EX1200T routers, exposing usernames and passwor...
Jun 3, 2022

This curl vulnerability allows information disclosure when an attacker can force curl to reuse an existing IPv6 connection from the pool with a differ...
Jun 2, 2022

CVE-2022-1815 is an information disclosure vulnerability in draw.io diagramming software that exposes sensitive information to unauthorized actors. Th...
May 25, 2022

CVE-2022-24867 is an information disclosure vulnerability in GLPI where the LDAP password is exposed in rendered page source code due to insufficient ...
Apr 21, 2022

CVE-2021-43287 is a critical information disclosure vulnerability in ThoughtWorks GoCD's business continuity add-on. Unauthenticated attackers can exp...
Apr 14, 2022

CVE-2022-27667 is an information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform's Client Management Console (CMC). It ...
Apr 12, 2022

This vulnerability in Mendix applications exposes internal project structure information to unauthenticated remote attackers. It affects Mendix applic...
Apr 12, 2022

CVE-2019-14839 is an information disclosure vulnerability in Business-central console where HTTP requests expose login credentials during authenticati...
Apr 1, 2022

GE UR firmware versions prior to 8.1x expose sensitive information through the web server interface without requiring authentication. This vulnerabili...
Mar 23, 2022

FreeTAKServer-UI v1.9.8 leaks sensitive API and Websocket keys, potentially exposing authentication credentials and allowing unauthorized access to se...
Mar 11, 2022

CVE-2022-0725 is an information exposure vulnerability in KeePass where plain text passwords are logged to system logs. This allows attackers with acc...
Mar 10, 2022

This vulnerability in containerd allows containers with specially-crafted image configurations to access read-only copies of arbitrary host files and ...
Mar 3, 2022

A vulnerability in tang (network-based cryptographic binding server) allows private key leakage through improper handling of cryptographic operations....
Mar 2, 2022

This vulnerability in the Twisted Python networking engine exposes sensitive authentication data (cookies and authorization headers) when following cr...
Feb 7, 2022

This vulnerability in IBM OPENBMC OP920, OP930, and OP940 allows unauthenticated attackers to access sensitive information without credentials. It aff...
Feb 4, 2022

CVE-2022-0281 is an information disclosure vulnerability in Microweber CMS that exposes sensitive information to unauthorized actors. This affects all...
Jan 20, 2022

CVE-2021-37125 is an information disclosure vulnerability in HarmonyOS that allows unauthorized actors to access sensitive files. This affects Harmony...
Jan 3, 2022

This CVE describes an information exposure vulnerability in Huawei smartphones running HarmonyOS. It allows unauthorized actors to access sensitive us...
Nov 23, 2021

This vulnerability in Qualcomm Snapdragon chipsets allows attackers to potentially expose sensitive information or cause denial of service by exploiti...
Nov 12, 2021

This vulnerability in Zammad's REST API allows unauthorized disclosure of sensitive information. Attackers can access confidential data through API en...
Oct 7, 2021

Parse Server versions before 4.10.4 expose user session tokens in LiveQuery payloads when users subscribe to Parse.User class updates. This allows att...
Sep 30, 2021

Discourse had a vulnerability where private message titles and participant lists were exposed to unauthorized users when groups were included in messa...
Sep 20, 2021

This vulnerability in D-LINK DIR-3040 routers allows attackers to obtain sensitive information through specially crafted network requests to the Zebra...
Jul 16, 2021

This CVE describes a password autocomplete vulnerability in Hitachi ABB Power Grids eSOMS web application that allows attackers to access user credent...
Jul 14, 2021

This vulnerability in Samsung's Message app allows untrusted applications to access message files due to improper component protection in SmsViewerAct...
Jul 8, 2021

CVE-2021-20019 is a memory disclosure vulnerability in SonicOS HTTP servers where crafted HTTP requests can leak partial memory contents. This could e...
Jun 23, 2021

Joomla! Core 1.5.x has an information disclosure vulnerability where attackers can use negative values for limit and offset parameters to access sensi...
Jun 21, 2021

This vulnerability in Apache Wicket allows attackers to trigger arbitrary DNS lookups from the server by manipulating the X-Forwarded-For header. This...
May 25, 2021

Keystone 5 CMS has an access control bypass vulnerability that allows attackers to extract private field values through query infrastructure manipulat...
May 24, 2021

This vulnerability in Unified Automation .NET based OPC UA Client/Server SDK allows attackers to trigger a stack overflow via uncontrolled recursion. ...
May 20, 2021

This vulnerability exposes Ansible log files to all users during OpenStack stack operations, potentially revealing sensitive configuration data and cr...
May 6, 2021

This vulnerability allows unauthenticated attackers to view sensitive server environment variables on any public WordPress page containing the [access...
Apr 12, 2021

This vulnerability in Web-Stat WordPress plugin versions before 1.4.0 allows information disclosure through client-side requests. When visitors access...
Apr 5, 2021

The User Profile Picture WordPress plugin before version 2.5.0 exposed sensitive user data through its REST API endpoint. Users with upload_files capa...
Apr 5, 2021

CVE-2021-26923 is an information disclosure vulnerability in Argo CD where the /api/version endpoint leaks internal system information without requiri...
Mar 15, 2021

This vulnerability in Apache Tomcat allows HTTP/2 cleartext (h2c) connections to leak request data between users. When processing h2c requests, Tomcat...
Mar 1, 2021

This vulnerability in Qualcomm Snapdragon chipsets allows attackers to link RTT (Round Trip Time) frames by comparing sequence numbers when non-random...
Feb 22, 2021

This vulnerability in SAP NetWeaver Master Data Management allows attackers to set custom UNC paths in MDS server configuration, potentially enabling ...
Jan 12, 2021

About Information Exposure (CWE-200)
Our database tracks 1,064 CVEs classified as CWE-200, with 91 rated critical and 389 rated high severity. The average CVSS score for Information Exposure vulnerabilities is 6.5.
External reference: CWE-200 on MITRE CWE