CWE-497: CWE-497

Nagios XI versions before 2024R1.1.3 allow authenticated users to access sensitive user account information including API keys and password hashes, wh...

This CVE describes a broken access control vulnerability in the Analytify WordPress plugin that allows unauthorized users to access sensitive system i...

This vulnerability allows local administrators on IBM PowerVM systems to extract sensitive information from Virtual TPMs through specific PowerVM serv...

SAP GUI for Java stores user input locally on client PCs, creating a security vulnerability. Attackers with administrative privileges or access to the...

Multiple SHARP routers have an improper authentication vulnerability in their configuration backup function. Remote unauthenticated attackers can retr...

The Ubuntu Advantage Desktop Daemon before version 1.12 leaks Pro tokens to unprivileged users by passing them as plaintext arguments. This allows una...

An authenticated user without user-management permissions can enumerate other user accounts in affected systems. This information disclosure vulnerabi...

This macOS vulnerability allows malicious applications to bypass security checks and access sensitive user data. It affects macOS systems running vers...

This CVE describes a logic flaw in macOS that could allow malicious applications to access sensitive user data they shouldn't normally be able to reac...

This vulnerability in Foxit eSign for WordPress allows unauthorized users to retrieve embedded sensitive data from the plugin. It affects all WordPres...

The AWS CDK CLI prints AWS credentials to console output when used with credential plugins that return expiration properties. This exposes sensitive c...

Dell Secure Connect Gateway (SCG) 5.0 Appliance versions 5.26 expose sensitive system information to unauthorized actors. A high-privileged attacker w...

This vulnerability in FreeIPA's API audit mechanism causes administrative credentials to be logged in plaintext during installation. Anyone with acces...

This vulnerability in the Simple Ajax Chat WordPress plugin exposes sensitive system information to unauthorized users. Attackers can retrieve embedde...

This vulnerability in the ContestsWP contest-code-checker WordPress plugin exposes sensitive system information to unauthorized users. Attackers can r...

This vulnerability in the Hustle WordPress plugin allows unauthorized users to retrieve embedded sensitive data from popups and opt-in forms. It affec...

This vulnerability in HCL BigFix Compliance allows remote attackers to access sensitive files in the WEB-INF directory, potentially exposing Java clas...

Certain A-Plus Video Technologies NVR models expose sensitive device status information through an unauthenticated debug page. This allows remote atta...

This vulnerability in the Plant - Gardening & Houseplants WordPress theme exposes sensitive system information to unauthorized users. Attackers can re...

CasaOS versions up to 0.4.15 expose unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug i...

This vulnerability in the Download Media Library WordPress plugin exposes sensitive system information to unauthorized users. Attackers can retrieve e...

Gitea versions before 1.21.8 inadvertently disclose users' login times through the explore/users API endpoint. This information leakage vulnerability ...

An information disclosure vulnerability in Kentico Xperience allows unauthenticated attackers to access sensitive administration interface hostname de...

This vulnerability in the Rehub WordPress theme allows unauthorized users to retrieve embedded sensitive system information. It affects all WordPress ...

This vulnerability in the Sober WordPress theme allows unauthorized users to retrieve embedded sensitive data from the system. It affects all WordPres...

This vulnerability in Pixel Manager for WooCommerce exposes sensitive system information to unauthorized parties. It affects WordPress sites using thi...

This vulnerability in the WP Google Analytics Events WordPress plugin exposes sensitive system information to unauthorized users. Attackers can retrie...

This vulnerability in the WordPress User Spam Remover plugin allows unauthorized users to retrieve embedded sensitive system information. It affects a...

This vulnerability in the Image Cleanup WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects all...

This vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway allows unauthorized users to access sensitive server IP configuration info...

This vulnerability in Seriously Simple Podcasting WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It a...

IBM Concert versions 1.0.0 through 2.0.0 disclose sensitive server information via HTTP response headers. This information leakage could help attacker...

IQ-Support software by IQ Service International contains an information exposure vulnerability that allows unauthenticated remote attackers to access ...

HCL Unica 12.1.10 exposes sensitive system information that could help attackers plan targeted attacks. This affects organizations using HCL Unica 12....

This vulnerability allows unauthenticated attackers to query an endpoint without proper authentication, enabling user enumeration attacks. It affects ...

This vulnerability in Shahjada Download Manager WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It affec...

This vulnerability in the WordPress Ajax Load More plugin allows unauthorized users to retrieve embedded sensitive data from affected websites. It aff...

This vulnerability in the Ays Pro Quiz Maker WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affect...

This vulnerability in the NooTheme Jobmonster WordPress theme allows unauthorized users to retrieve embedded sensitive data from the system. It affect...

The NordicMade Savoy WordPress theme exposes sensitive system information to unauthorized users, allowing attackers to retrieve embedded sensitive dat...

Parse Server's GraphQL API exposed schema metadata without authentication in versions 5.3.0 through 7.5.2 and 8.0.0 through 8.2.1. This allows attacke...

This vulnerability in Roland Beaussant Audio Editor & Recorder allows unauthorized users to retrieve embedded sensitive system information. It affects...

This vulnerability in the AnalyticsWP WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It affects all ver...

An unauthenticated attacker can exploit a deprecated Java applet component in SAP SRM's Live Auction Cockpit to send malicious requests that disclose ...

This vulnerability in weDevs weMail WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects all weM...

This vulnerability in langchain-core allows unauthorized users to read arbitrary files from the host file system by exploiting prompt templates. It af...

IBM InfoSphere Information Server 11.7 exposes sensitive version information to remote users, which could be used for reconnaissance in targeted attac...

IBM Security ReaQta 3.12 discloses sensitive information in HTTP responses that could aid attackers in reconnaissance or further exploitation. This af...

CVE-2024-32732 is an information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform that allows attackers to access restri...

IBM Cognos Controller versions 11.0.0 and 11.0.1 expose server details through an information disclosure vulnerability. This allows attackers to gathe...