CWE-212: CWE-212

CVE-2022-0355 is an information disclosure vulnerability in the NPM simple-get package where sensitive data like authorization headers and cookies are...

CVE-2022-1650 is an information exposure vulnerability in the eventsource JavaScript library where sensitive information (like authentication tokens) ...

tfplan2md versions before 1.26.1 fail to properly mask sensitive values in Terraform plan reports, exposing secrets like API keys, passwords, and conf...

This vulnerability in the cbor2 library allows attackers to read sensitive data from previously decoded CBOR messages when a CBORDecoder instance is r...

This vulnerability in Ruby's URI module allows credential exposure when using the '+' operator to combine URIs. Sensitive information like passwords f...

OpenVPN Connect versions before 3.5.0 log the configuration profile's private key in clear text within application logs. This allows unauthorized acto...

This CVE describes an information management vulnerability in Huawei's Gallery module that could allow unauthorized access to sensitive information. S...

IRRd version 4.2.x improperly exposed password hashes in query responses for mntner objects and database exports, allowing attackers to retrieve hashe...

This vulnerability in Mbed TLS allows sensitive application data to remain in memory after SSL/TLS sessions, potentially exposing it to attackers who ...

This vulnerability in MISP allows information disclosure when editing events with sharing groups. An incorrect sharing group association causes the sy...

This vulnerability in Streampark versions before 2.1.4 allows authenticated users to access other users' sensitive information, including administrato...

JetBrains TeamCity backup files exposed user credentials and session cookies in versions before 2024.12. This vulnerability allows attackers with acce...

This vulnerability exposes SSH private keys in the HTML source of Checkmk's remote alert handler rule pages. Attackers who can access these pages coul...

This vulnerability in Zoom Clients allows unauthenticated attackers to access sensitive information through network access due to improper data remova...

This vulnerability in M-Files Server allows sensitive information to be exposed due to incomplete data removal before transfer. It affects organizatio...

This vulnerability in Devolutions Remote Desktop Manager allows attackers who obtain exported configuration files to recover PowerShell credentials st...

This vulnerability in Cisco APIC allows authenticated local administrators to access sensitive information through insufficiently masked CLI command o...

This vulnerability in Artifex Ghostscript allows PDF passwords to be exposed in cleartext when processing certain PDF documents. It affects systems us...

Weblate versions 5.14 and below expose the IP address of project administrators in audit logs when inviting users to projects. This information leakag...