CWE-209: CWE-209
All CWE-209 CVEs (109)
This vulnerability in Yokogawa's FAST/TOOLS software exposes detailed error messages that could reveal sensitive system information. Attackers could l... (Feb 9, 2026)
IBM Cloud Pak System contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious JavaScript into the web interface. ... (Feb 4, 2026)
IBM Cloud Pak System fails to set the secure attribute on authorization tokens and session cookies, making them vulnerable to interception when transm... (Feb 4, 2026)
IBM Cloud Pak System displays sensitive information in user messages that could aid attackers. This information disclosure vulnerability affects IBM C... (Feb 4, 2026)
This vulnerability in the go-viper/mapstructure library allows information disclosure through detailed error messages that leak sensitive input values... (Jan 26, 2026)
This vulnerability in gemscms.aptsys.com.sg's PHP backend allows unauthenticated remote attackers to trigger detailed error messages that disclose int... (Jan 23, 2026)
This vulnerability allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and st... (Jan 23, 2026)
The Fancy Product Designer WordPress plugin up to version 6.4.8 exposes server filesystem paths and stack traces in error messages through its PDF upl... (Jan 16, 2026)
This vulnerability in Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework exposes detailed server stack traces throug... (Dec 15, 2025)
This vulnerability involves error messages being exposed in HTTP headers, potentially leaking sensitive information about the system. It affects BLU-I... (Oct 27, 2025)
This vulnerability allows attackers to enumerate valid course IDs on a router by observing inconsistent responses to invalid IDs. This information dis... (Oct 23, 2025)
This vulnerability allows unauthenticated remote attackers to determine whether specific projects exist in Canonical LXD by observing different HTTP s... (Oct 2, 2025)
An information disclosure vulnerability in MiR robot software allows unauthenticated attackers to access detailed error information including file pat... (Aug 20, 2025)
HCL BigFix SaaS Authentication Service discloses sensitive version information through error messages under certain conditions. This information discl... (Aug 15, 2025)
This vulnerability in OMERO.web's password reset functionality allows information disclosure about users when password reset errors occur. Attackers c... (Aug 13, 2025)
IBM Analytics Content Hub versions 2.0-2.3 expose sensitive information through detailed error messages returned to browsers. This information disclos... (Jul 10, 2025)
An unauthenticated remote attacker can enumerate valid LDAP usernames on vulnerable Cisco Nexus Dashboard systems by sending authentication requests. ... (Apr 16, 2025)
The C9 Blocks WordPress plugin contains a publicly accessible file (composer-setup.php) that discloses the full server path when accessed. This affect... (Feb 21, 2025)
The BigBuy Dropshipping Connector for WooCommerce WordPress plugin discloses the full server path through an accessible vendor file that triggers an e... (Feb 18, 2025)
The AForms Eats WordPress plugin discloses full server path information through a publicly accessible vendor file. This information disclosure vulnera... (Feb 12, 2025)
IBM Analytics Content Hub 2.0 discloses sensitive technical error information to remote attackers via browser responses. This information leakage coul... (Jan 25, 2025)
IBM Cloud Pak System versions 2.3.3.0 through 2.3.3.7 iFix1 contain an information disclosure vulnerability that could expose sensitive system details... (Jan 25, 2025)
This CVE describes an information disclosure vulnerability in the Paytium WordPress plugin where error messages reveal sensitive information like full... (Jan 24, 2025)
SAP NetWeaver Application Server for ABAP and ABAP Platform contains an information disclosure vulnerability where unauthenticated attackers can acces... (Jan 14, 2025)
This vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights allows remote attackers to obtain sensitive information through de... (Dec 25, 2024)
This vulnerability in the Vimeography WordPress plugin exposes sensitive information through error messages, potentially revealing full server paths. ... (Dec 16, 2024)
This vulnerability in HumHub allows attackers to enumerate valid usernames through error messages that leak sensitive information. All HumHub installa... (Nov 6, 2024)
This vulnerability in the Posti Shipping WordPress plugin allows attackers to retrieve sensitive information through error messages. It affects all ve... (Oct 30, 2024)
This vulnerability in Webmin Usermin v2.100 allows attackers to distinguish between valid and invalid user accounts through differences in error messa... (Oct 16, 2024)
A padding oracle vulnerability in Apache Druid's optional druid-pac4j extension could allow attackers to manipulate session cookies. This affects Drui... (Sep 17, 2024)
This vulnerability in Drupal 11.x-dev allows Full Path Disclosure when the hash_salt configuration points to a non-existent file. Attackers can exploi... (Aug 29, 2024)
IBM InfoSphere Information Server 11.7 discloses sensitive technical information in error messages, potentially revealing system details that could ai... (Jun 30, 2024)
This vulnerability in Italtel Embrace 1.6.4 allows unauthenticated attackers to trigger application errors that reveal sensitive server information li... (May 21, 2024)
SolarWinds Kiwi CatTools can disclose sensitive information when a non-default troubleshooting setting is enabled. This affects administrators who hav... (Oct 17, 2024)
This vulnerability in Android's RemotePrintDocument component allows local information disclosure through a logic error in writeContent. It affects An... (Sep 4, 2025)
This vulnerability in IBM Sterling B2B Integrator and File Gateway exposes sensitive technical error messages to remote privileged attackers. Attacker... (Feb 17, 2026)
HCL BigFix Compliance generates error messages that may leak sensitive information about the system environment, users, or associated data. This vulne... (Nov 7, 2024)
CVE-2025-4166 allows sensitive information exposure in Vault server and audit logs when users submit malformed payloads during secret creation or upda... (May 2, 2025)
This vulnerability in GitLab EE/CE allows attackers to retrieve user passwords stored in repository mirror configurations. It affects GitLab instances... (Sep 12, 2024)
This vulnerability in GitLab EE/CE allows sensitive authentication information to be exposed through repository mirroring settings. Attackers could po... (Mar 13, 2025)
This CVE describes an information disclosure vulnerability where error messages reveal internal system details like file paths, database errors, or so... (Jan 15, 2026)
This vulnerability allows authenticated users to discover the names of private projects they shouldn't have access to through API requests. It affects... (Dec 11, 2025)
This vulnerability in IBM Planning Analytics Local versions 2.1.0 through 2.1.15 allows attackers to obtain sensitive information about server archite... (Dec 9, 2025)
This vulnerability allows non-admin users to view detailed debug information in SQL error messages, revealing software, PHP, and database version deta... (Nov 20, 2025)
This vulnerability in Desktop Alert PingAlert's Application Server (versions 6.1.0.11 to 6.1.1.2) allows attackers to obtain technical information thr... (Nov 14, 2025)
This vulnerability allows authenticated backend users in TYPO3 CMS to obtain sensitive file path information through error messages when file operatio... (Sep 9, 2025)
IBM Verify Identity Access Digital Credentials 24.06 returns detailed technical error messages to browsers, potentially exposing sensitive system info... (Jun 6, 2025)
IBM Security Guardium 12.0 discloses sensitive technical error information to remote attackers via browser responses. This information leakage could e... (May 28, 2025)
IBM ApplinX 11.1 can expose sensitive technical error information to remote attackers through browser responses. This information disclosure vulnerabi... (Feb 6, 2025)
IBM Control Center versions 6.2.1 and 6.3.1 expose detailed technical error messages to remote attackers, potentially revealing sensitive system infor... (Jan 25, 2025)
About CWE-209 (CWE-209)
Our database tracks 109 CVEs classified as CWE-209, with 12 rated critical and 20 rated high severity. The average CVSS score for CWE-209 vulnerabilities is 6.1.