CWE-209: CWE-209

This vulnerability exposes client certificate passwords in exception logs when SSL authentication fails in ClickHouse Java clients. Attackers who can ...

phpMyFAQ versions before 4.0.0 expose database credentials in error messages when database connection fails. This allows attackers to obtain sensitive...

VMware Aria Operations for Logs contains an information disclosure vulnerability where authenticated users with View Only Admin permissions can read c...

This CVE describes an information disclosure vulnerability in HeyGarson software where error messages reveal sensitive information during fuzzing atta...

This vulnerability in league/oauth2-server exposes cryptographic keys in error messages when keys are passed as strings without valid passphrases. Att...

This CVE describes an information exposure vulnerability in Progress Software Corporation's Sitefinity CMS where error messages reveal sensitive syste...

This vulnerability in openssh_key_parser allows attackers to expose sensitive key field values through error messages. Attackers can manipulate declar...

This vulnerability in Combodo iTop allows non-admin users to access sensitive class/field values through error messages in the GroupBy Dashlet. It aff...

This vulnerability in Kentico Xperience allows attackers to view detailed error messages containing sensitive stack trace information through Portal E...

IBM Security Verify Governance Identity Manager 10.0.2 discloses sensitive technical error information to remote attackers. This information leakage v...

An unauthenticated attacker can exploit verbose SQL error messages in HotelDruid 3.0.7 to extract administrator credentials (username, password hash, ...

CodeIgniter4 versions before 4.4.3 display detailed error reports in production environments when errors or exceptions occur, potentially leaking sens...

CVE-2023-37306 is an information disclosure vulnerability in MISP (Malware Information Sharing Platform) where improper handling of certificate file e...

This vulnerability in Apache Airflow AWS Provider versions before 7.2.1 allows error messages to leak sensitive information. Attackers can exploit thi...

This vulnerability in the Valinor PHP library allows attackers to extract sensitive information from error messages that should not be exposed. Attack...

This vulnerability in NocoDB prior to version 0.91.7+ allows error messages to expose sensitive information. Attackers can exploit this to obtain inte...

This vulnerability in Ruby on Rails Action Pack allows attackers to perform information disclosure or unintended method execution when using redirect_...

IBM Security Identity Manager 7.0.2 returns detailed technical error messages to remote attackers, potentially exposing sensitive system information. ...

IBM QRadar User Behavior Analytics versions 1.0.0 through 4.1.0 expose detailed technical error messages to remote attackers when errors occur. This i...

This vulnerability in Xen's x86 APIC implementation allows a malicious guest VM to trigger a deadlock in the hypervisor by configuring error interrupt...

This vulnerability in Apache Airflow allows authenticated users with DAG view permissions to potentially see sensitive information like secrets when a...

A vulnerability in Brocade SANnav's update-reports-purge-settings.sh script logs the database password to system audit logs. This allows authenticated...

This vulnerability allows external users to trigger a 500 error in LimeSurvey by sending malformed session cookies, which exposes sensitive internal s...

This vulnerability allows remote attackers to obtain sensitive technical error information from IBM QRadar Suite and Cloud Pak for Security systems. A...

IBM MQ Console versions 9.3 LTS and 9.3 CD expose detailed technical error messages to remote attackers, potentially revealing sensitive system inform...

This vulnerability in GitLab EE allows attackers to perform targeted searches with sensitive keywords to obtain counts of issues containing those term...

IBM MQ web console versions 9.2-9.4 can leak sensitive technical error information to remote attackers. This information disclosure vulnerability affe...

Apache Hive and Spark expose correct cookie signatures during signature mismatch errors, potentially allowing attackers to forge valid signed cookies....

OpenClaw session tools allowed broader session targeting than intended in shared-agent deployments, potentially exposing transcript content across pee...

This Windows Kernel vulnerability allows authenticated local attackers to extract sensitive information through error messages. Attackers with valid c...

A vulnerability in Altair Grid Engine versions before V2026.0.0 allows local attackers to extract password hashes for privileged accounts through erro...

This vulnerability in the Windows USB Video Driver allows an authorized attacker to read sensitive information from error messages. It affects Windows...

This vulnerability in Infinispan CLI exposes sensitive passwords in error messages when commands fail. Attackers could potentially capture passwords b...

This vulnerability in Firefox and Thunderbird involves a WebAssembly (wasm) frame iterator getting stuck in an infinite loop when processing certain w...

IBM InfoSphere Information Server 11.7 discloses sensitive technical error information to remote attackers. This information leakage could reveal syst...

The free5GC UDR component leaks detailed internal parsing error messages to remote clients through the NEF service. This allows attackers to perform s...

The free5GC User Data Repository versions up to 1.4.1 leak detailed internal parsing error messages through the NEF component. This allows remote atta...

The free5GC UDR component versions prior to 1.4.1 leak internal parsing error details to remote clients through the Nnef_PfdManagement service. This i...