CWE-497: CWE-497
All CWE-497 CVEs (147)
This vulnerability in Gallagher Command Centre Server allows authenticated operators with limited site permissions to make unauthorized critical chang... (Oct 23, 2025)
Nagios Log Server before version 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a specific API endpoint. This... (Oct 7, 2025)
The School Affairs System from Quanxun exposes sensitive information to unauthenticated attackers, allowing them to access database information and pl... (Feb 11, 2025)
This vulnerability in Forever KidsWatch smartwatches allows attackers to remotely extract sensitive device information by sending specially crafted SM... (Feb 6, 2025)
This vulnerability allows attackers to gain unauthorized access to the local KNX bus system in ABB, Busch-Jaeger, and FTS building automation devices.... (Jun 5, 2024)
CVE-2023-32550 exposes sensitive system information through Landscape's server-status page, including GET requests that could enable attackers to gath... (Jun 6, 2023)
An over-permissive Redis instance in affected Rockwell Automation products allows intranet attackers to access and potentially modify sensitive data. ... (Sep 9, 2025)
This vulnerability in Siemens RUGGEDCOM industrial networking devices incorrectly enables the Modbus service in non-managed VLANs, potentially exposin... (Jul 9, 2024)
SAP BusinessObjects Business Intelligence Platform has an information disclosure vulnerability that allows unauthenticated attackers to hijack user se... (Jan 14, 2025)
This vulnerability allows unauthorized directory indexing in Vegagrup Software Vega Master, potentially exposing sensitive system information to attac... (Sep 16, 2025)
This vulnerability in Vadi Corporate Information Systems' DIGIKENT software exposes sensitive system information to unauthorized parties. It affects a... (Feb 11, 2026)
IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0 returns sensitive information in HTTP responses that could enable user impersonation.... (Feb 17, 2026)
This vulnerability allows unauthorized information disclosure when creating MQ channels in affected Qualcomm products. Attackers can potentially acces... (Apr 7, 2025)
VMware Aria Operations contains an information disclosure vulnerability where authenticated non-administrative users can retrieve credentials for outb... (Jan 30, 2025)
This vulnerability allows authenticated attackers with operator-level credentials to retrieve sensitive information from LDAP authentication servers c... (Jun 15, 2022)
This vulnerability in Oracle Hospitality Simphony allows authenticated attackers with low privileges to access sensitive data, modify information, and... (Apr 15, 2025)
The Webpushr WordPress plugin (versions up to and including 4.38.0) contains a vulnerability that allows unauthorized users to retrieve sensitive syst... (Jan 23, 2026)
This vulnerability in the WP FullCalendar WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It affects all... (Jan 23, 2026)
This vulnerability in the Nexter Blocks WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected websites. It affe... (Jan 22, 2026)
This CVE-2025-9110 vulnerability allows remote attackers to read sensitive system information from affected QNAP devices without authorization. Attack... (Jan 2, 2026)
The E-Invoice App Malaysia WordPress plugin exposes sensitive system information to unauthorized users. This vulnerability allows attackers to retriev... (Dec 30, 2025)
This vulnerability in the PostX WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected websites. It affects all ... (Dec 24, 2025)
The Virusdie WordPress plugin versions up to and including 1.1.6 expose sensitive system information to unauthorized users. This vulnerability allows ... (Dec 24, 2025)
This vulnerability in Premium Addons for Elementor WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected websit... (Dec 24, 2025)
This vulnerability in the Eight Day Week Print Workflow WordPress plugin allows unauthorized users to retrieve embedded sensitive data. It affects all... (Dec 24, 2025)
The Follow My Blog Post WordPress plugin (versions up to 2.3.9) exposes sensitive system information to unauthorized users. This vulnerability allows ... (Dec 18, 2025)
AVideo versions before 20.1 expose absolute server filesystem paths through public API endpoints. This information disclosure vulnerability reveals in... (Dec 17, 2025)
The Student Learning Assessment and Support System developed by JHENG GAO contains an information exposure vulnerability that allows unauthenticated r... (Dec 15, 2025)
This vulnerability allows unauthorized users to view files in the file system through a GUI dialog in affected applications. It affects systems runnin... (Oct 28, 2025)
This vulnerability in the WP Popup Builder WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects ... (Oct 27, 2025)
Unauthorized users can bypass authentication in INFINITT PACS System Manager, allowing access to system resources without proper credentials. This aff... (Aug 21, 2025)
The elfsight Contact Form widget for WordPress exposes sensitive system information to unauthorized users, allowing attackers to retrieve embedded sen... (Jun 9, 2025)
Vestel AC Charger version 3.75.0 contains an information disclosure vulnerability that allows attackers to access files containing sensitive credentia... (Apr 25, 2025)
This vulnerability exposes sensitive system information to unauthorized users in the WordPress Macro Calculator with Admin Email Optin & Data plugin. ... (Apr 15, 2025)
This vulnerability in the WP-NERD Toolkit WordPress plugin exposes sensitive system information to unauthorized users. Attackers can access configurat... (Dec 16, 2024)
This vulnerability in Stacks Mobile App Builder WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It aff... (Nov 4, 2024)
The Keep Backup Daily WordPress plugin versions up to 2.0.7 expose sensitive system information to unauthorized users. This vulnerability allows attac... (Oct 17, 2024)
A Full Path Disclosure vulnerability in the AdmirorFrames Joomla! extension allows unauthenticated attackers to retrieve the web root folder location.... (Jun 28, 2024)
This vulnerability in Ansible Automation Platform's ec2_key module exposes private keys in standard output when creating new keypairs. Attackers can e... (Oct 4, 2023)
This vulnerability in alf.io ticket reservation system allows attackers to access email logs from other organizers' events through specially crafted r... (Feb 19, 2024)
This cryptographic vulnerability in Qualcomm chipsets allows the High-Level Operating System (HLOS) to access the boot loader's certificate chain thro... (Mar 2, 2026)
This vulnerability exposes internal Trusted Application (TA) communication APIs to the High-Level Operating System (HLOS), allowing unauthorized acces... (Dec 18, 2025)
IBM webMethods Integration Server versions 10.15 through 11.1 can inadvertently expose sensitive user information in server responses. This informatio... (Feb 5, 2026)
This vulnerability in the Contact Form & Lead Form Elementor Builder WordPress plugin allows unauthorized users to retrieve embedded sensitive data fr... (Jan 22, 2026)
This vulnerability in the Dimitri Grassi Salon booking system WordPress plugin allows unauthorized attackers to retrieve embedded sensitive data from ... (Jan 22, 2026)
This vulnerability in the Vikas Ratudi VPSUForm WordPress plugin allows unauthorized attackers to retrieve embedded sensitive data from affected syste... (Dec 23, 2025)
This vulnerability in weDevs WP ERP plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects WordPress sites u... (Dec 18, 2025)
This vulnerability in the Masteriyo LMS WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It affects all W... (Dec 18, 2025)
This vulnerability in the GetResponse Email Marketing WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. ... (Dec 18, 2025)
This vulnerability in the Restaurant Menu by MotoPress WordPress plugin exposes sensitive system information to unauthorized users. Attackers can retr... (Dec 18, 2025)

About CWE-497 (CWE-497)
Our database tracks 147 CVEs classified as CWE-497, with 6 rated critical and 35 rated high severity. The average CVSS score for CWE-497 vulnerabilities is 5.9.
External reference: CWE-497 on MITRE CWE