CWE-202: CWE-202

Icinga 2 monitoring system exposes sensitive credentials (database, Redis, Elasticsearch passwords) through its API to authenticated users with read p...

A vulnerability in Audiobookshelf versions 2.17.0 through 2.19.0 allows unauthenticated attackers to bypass authentication by crafting URLs with speci...

An unauthenticated remote attacker can trigger generation and download of configuration backup ZIP files in vulnerable phpMyFAQ installations. This ex...

Dell Wyse Management Suite versions before 5.1 expose sensitive information through data queries. Unauthenticated remote attackers can exploit this vu...

This vulnerability in Drupal's RESTful Web Services module allows attackers to access sensitive information through forceful browsing of data queries....

This vulnerability in Finrota Netahsilat allows attackers to retrieve sensitive information stored in cleartext, bypass authentication, inject IMAP/SM...

This vulnerability allows attackers to enumerate valid user accounts (email addresses) in Vendure through timing attacks. By measuring response time d...

This vulnerability in Discourse allows attackers to discover users' full names even when the 'enable_names' setting is disabled, by using partial user...

This vulnerability in Langfuse allows authenticated users to enumerate names and email addresses of users in other organizations if they know the targ...