CWE-359

Total CVEs: 63
Critical: 1
High: 25
Avg CVSS: 6.1

Yearly Trend

2026: 7
2025: 41
2024: 11
2023: 3
2022: 1

Top Affected Vendors

1. Apple (12)
2. Microsoft (5)
3. Fortinet (2)
4. Wwbn (2)
5. Gitlab (2)
6. Nextcloud (1)
7. Teamviewer (1)
8. Transsion (1)
9. Utarit (1)
10. Dokploy (1)

All CWE-359 CVEs (63)

CVE-2022-0482
9.1

This vulnerability in Easy Appointments allows unauthorized actors to access private personal information stored in the application. It affects all us...

Mar 9, 2022
CVE-2023-36052
8.6

CVE-2023-36052 is an information disclosure vulnerability in Azure CLI's REST command that allows authenticated users to access sensitive information ...

Nov 14, 2023
CVE-2024-26192
8.2

This vulnerability in Microsoft Edge (Chromium-based) allows an attacker to potentially access sensitive information from the browser's memory. It aff...

Feb 23, 2024
CVE-2025-11959
8.1

This vulnerability in Premierturk's Excavation Management Information System allows unauthorized external parties to access files or directories, pote...

Nov 11, 2025
CVE-2024-42347
7.7

A malicious Matrix homeserver can manipulate user account data to force the matrix-react-sdk client to enable URL previews in end-to-end encrypted roo...

Aug 6, 2024
CVE-2024-11216
7.6

This vulnerability in PozitifIK Pik Online allows attackers to bypass authorization controls and access private personal information by manipulating u...

Mar 5, 2025
CVE-2020-37173
7.5

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.jso...

Feb 11, 2026
CVE-2026-24735
7.5

An unauthenticated API endpoint in Apache Answer exposes full revision history for deleted content, allowing unauthorized users to retrieve sensitive ...

Feb 4, 2026
CVE-2025-65857
7.5

This vulnerability in Xiongmai XM530 IP cameras exposes RTSP video streams through hardcoded credentials in the GetStreamUri function. Attackers can d...

Dec 22, 2025
CVE-2025-1030
7.5

This vulnerability in Utarit Informatics Services Inc. SoliClub allows unauthorized actors to query the system and access private personal information...

Dec 18, 2025
CVE-2025-34441
7.5 (EPSS 42.3%)

AVideo versions before 20.1 expose sensitive user information through an unauthenticated public API endpoint. This allows attackers to enumerate users...

Dec 17, 2025
CVE-2025-10450
7.5

CVE-2025-10450 is an exposure of private personal information vulnerability in RTI Connext Professional Core Libraries that allows unauthorized actors...

Dec 16, 2025
CVE-2025-43500
7.5

This CVE describes a privacy vulnerability in Apple operating systems where applications could bypass user preference controls to access sensitive use...

Nov 4, 2025
CVE-2025-43496
7.5

This vulnerability allows remote content to be loaded even when the 'Load Remote Images' setting is disabled in affected Apple operating systems. This...

Nov 4, 2025
CVE-2025-43405
7.5

A sandbox escape vulnerability in macOS allows malicious applications to bypass intended restrictions and access sensitive user data. This affects mac...

Nov 4, 2025
CVE-2025-43399
7.5

This vulnerability allows malicious apps to bypass privacy protections and access sensitive user data that should be restricted. It affects iOS, iPadO...

Nov 4, 2025
CVE-2025-43227
7.5

This vulnerability in Apple's WebKit browser engine allows malicious web content to bypass security controls and access sensitive user information. It...

Jul 30, 2025
CVE-2025-49715
7.5

This vulnerability in Dynamics 365 FastTrack Implementation Assets allows unauthorized attackers to access private personal information over the netwo...

Jun 20, 2025
CVE-2025-5334
7.5

This vulnerability in Devolutions Remote Desktop Manager allows authenticated users to access private personal information when entries are unintentio...

May 29, 2025
CVE-2025-20060
7.5

This vulnerability in the Dario Health Android application allows attackers to access cross-user personal identifiable information (PII) and personal ...

Feb 28, 2025
CVE-2024-7697
7.5

A logical vulnerability in the CarlCare mobile application (com.transsion.carlcare) exposes user information to unauthorized access. This affects user...

Aug 12, 2024
CVE-2024-36682
7.5

This vulnerability in the pk_themesettings module for PrestaShop allows unauthenticated guests to download a text file containing email addresses coll...

Jun 24, 2024
CVE-2023-44156
7.5

CVE-2023-44156 is a sensitive information disclosure vulnerability in Acronis Cyber Protect 15 caused by spell-jacking, which allows attackers to acce...

Sep 27, 2023
CVE-2023-2703
7.5

This CVE describes an exposure of private personal information vulnerability in Finex Media Competition Management System. It allows unauthorized acto...

May 23, 2023
CVE-2025-24355
7.1

Updatecli versions before 0.93.0 leak private Maven repository credentials in application logs when Maven source operations fail. This exposes authent...

Jan 24, 2025
CVE-2024-30056
7.1

This vulnerability in Microsoft Edge (Chromium-based) allows an attacker to potentially access sensitive information from the browser's memory. It aff...

May 25, 2024
CVE-2025-0969
6.5

The Brizy Page Builder WordPress plugin exposes administrator email addresses and password hashes to authenticated users with Contributor-level access...

Dec 13, 2025
CVE-2025-43279
6.2

This macOS vulnerability allows applications to access sensitive user data that should be redacted in system logs. It affects macOS systems before ver...

Sep 15, 2025
CVE-2025-0683
5.9

The Contec Health CMS8000 Patient Monitor transmits unencrypted patient data to a hard-coded public IP address when monitoring begins, potentially exp...

Jan 30, 2025
CVE-2025-68945
5.8

This vulnerability allows anonymous users to access private projects belonging to other users in Gitea instances. It affects all Gitea installations r...

Dec 26, 2025
CVE-2025-43409
5.5

A sandbox escape vulnerability in macOS allows malicious applications to bypass intended restrictions and access sensitive user data. This affects mac...

Nov 4, 2025
CVE-2025-43389
5.5

This CVE describes a privacy vulnerability in Apple operating systems where an application could access sensitive user data without proper authorizati...

Nov 4, 2025
CVE-2025-53950
5.5

This vulnerability allows authenticated administrators of Fortinet FortiDLP Agent's Outlookproxy plugin to collect email information from the current ...

Oct 16, 2025
CVE-2026-24321
5.3

SAP Commerce Cloud exposes sensitive API endpoints to unauthenticated users, allowing unauthorized access to confidential information. This affects or...

Feb 10, 2026
CVE-2025-66605
5.3

A vulnerability in Yokogawa's FAST/TOOLS software allows browser autocomplete to save sensitive input data from web interfaces. This affects industria...

Feb 9, 2026
CVE-2025-12536
5.3

The SureForms WordPress plugin exposes sensitive email notification configuration data to unauthenticated users due to improper access control. This v...

Nov 13, 2025
CVE-2025-59843
5.3

Flag Forge CTF platform versions 2.0.0 through 2.3.1 expose user email addresses through a public API endpoint. This vulnerability allows unauthentica...

Sep 26, 2025
CVE-2025-31276
5.3

This vulnerability allows remote content to be loaded in Apple's Mail app even when the 'Load Remote Images' privacy setting is disabled. It affects i...

Jul 30, 2025
CVE-2024-12041
5.3

This vulnerability allows unauthenticated attackers to access sensitive user information through the Directorist WordPress plugin's REST API endpoint....

Feb 1, 2025
CVE-2024-11396
5.3 (EPSS 47.5%)

The Event Monster WordPress plugin creates publicly accessible CSV files containing visitor personal data in the wp-content folder. Unauthenticated at...

Jan 14, 2025
CVE-2024-49765
5.3

Discourse sites using Discourse Connect (SSO) with local logins still enabled are vulnerable to authentication bypass. Attackers can create accounts a...

Dec 19, 2024
CVE-2024-8891
5.3

This vulnerability allows attackers to enumerate valid user accounts in CIRCUTOR Q-SMT devices by analyzing server responses to authentication attempt...

Sep 18, 2024
CVE-2024-40796
5.3

This CVE describes a privacy vulnerability in Apple operating systems where private browsing history may leak into system logs. The issue affects user...

Jul 29, 2024
CVE-2024-27881
5.3

This vulnerability allows applications to access sensitive contact information from macOS system logs due to insufficient data redaction. It affects m...

Jul 29, 2024
CVE-2025-62644
5.0

The RBI assistant platform's Global Store Directory improperly shares personal information among authenticated users, allowing one authenticated user ...

Oct 17, 2025
CVE-2024-13953
4.9

This vulnerability exposes sensitive device logger information in ABB ASPECT systems when administrator credentials are compromised. It affects ASPECT...

May 22, 2025
CVE-2025-36131
4.6

IBM Db2's clpplus command exposes user credentials in terminal output, allowing anyone with physical access to the system to view them. This affects D...

Nov 7, 2025
CVE-2025-66510
4.5

This vulnerability in Nextcloud Server allows authenticated users to retrieve personal data (emails, names, identifiers) of other users through the co...

Dec 5, 2025
CVE-2025-43310
4.4

This CVE describes a macOS vulnerability where malicious applications can trick users into copying sensitive data to the system clipboard. The issue a...

Sep 15, 2025
CVE-2025-53765
4.4

This vulnerability in Azure Stack allows an authorized attacker with local access to expose private personal information. It affects organizations usi...

Aug 12, 2025

About CWE-359

Our database tracks 63 CVEs classified as CWE-359, with 1 rated critical and 25 rated high severity. The average CVSS score for CWE-359 vulnerabilities is 6.1.

External reference: View CWE-359 on MITRE CWE →
