CWE-497: CWE-497

This CVE describes an information disclosure vulnerability in GitLab EE where an unauthenticated user can read some information about merge requests i...

This vulnerability in MasterStudy LMS WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects all v...

This vulnerability in the WordPress Custom Field Template plugin allows unauthorized users to retrieve embedded sensitive data from affected websites....

Brocade SANnav versions before 2.4.0a log passwords and PBE keys in local server audit logs under specific conditions. This allows server administrato...

CVE-2026-24314 is an information disclosure vulnerability in SAP S/4HANA's Manage Payment Media component that allows authenticated users to access re...

This vulnerability in the Fraud Prevention for WooCommerce WordPress plugin exposes sensitive system information to unauthorized users. Attackers can ...

This vulnerability in the REHub Framework WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected systems. It aff...

CVE-2026-22915 allows attackers with low privileges to read files from specific directories on affected devices, potentially exposing sensitive inform...

This CVE describes a clickjacking vulnerability in the PDF Viewer component of Mozilla products that could allow information disclosure. Attackers cou...

The BoomDevs WordPress Coming Soon Plugin versions up to 1.0.4 expose sensitive system information to unauthorized users. This vulnerability allows at...

This vulnerability in the Direct Payments WP WordPress plugin allows unauthorized users to retrieve embedded sensitive data. It affects all versions u...

The Post Video Players WordPress plugin exposes sensitive system information to unauthorized users. This vulnerability allows attackers to retrieve em...

This vulnerability in the Poptics WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects all WordP...

This vulnerability in the Roxnor PopupKit WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected websites. It af...

This vulnerability in HappyDevs TempTool WordPress plugin exposes sensitive system information to unauthorized users. Attackers can retrieve embedded ...

This vulnerability in the SendPulse Email Marketing Newsletter WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the...

ZITADEL versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users regardless of th...

This vulnerability in the WordPress Portfolio and Projects plugin allows unauthorized users to retrieve embedded sensitive system information. It affe...

This vulnerability in the WordPress Download Manager plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects ...

This vulnerability in the WP Hotel Booking WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It affects al...

Primakon Pi Portal 1.0.18's /api/v2/users endpoint lacks proper access controls, allowing any authenticated user to retrieve a complete list of all re...

This vulnerability in the Uncanny Automator WordPress plugin allows unauthorized users to retrieve embedded sensitive data from the system. It affects...

This vulnerability in the WooCommerce Ultimate Points And Rewards plugin exposes sensitive system information to unauthorized users. Attackers can ret...

IBM OpenPages 9.0 and 9.1 has insecure REST endpoints that allow authenticated users to access system metadata beyond their intended permissions. This...

This vulnerability in the SUMO Affiliates Pro WordPress plugin allows unauthorized users to retrieve embedded sensitive data, such as configuration de...

This vulnerability in Page Manager for Elementor WordPress plugin exposes sensitive system information to unauthorized users. Attackers can retrieve e...

This vulnerability in the Social Pug WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It affects all Word...

This vulnerability in the WPeMatico RSS Feed Fetcher WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It ...

The WP System Information WordPress plugin versions up to 1.5 expose sensitive system data to unauthorized users. This vulnerability allows attackers ...

IBM Lakehouse (watsonx.data 2.2) exposes sensitive server component version information to authenticated users. This information disclosure vulnerabil...

This vulnerability in IBM DevOps Deploy/UrbanCode Deploy allows authenticated users to access sensitive configuration information they shouldn't have ...

IBM OpenPages 9.0 has a vulnerability where authenticated users can access sensitive workflow configuration and internal state information through ins...

This vulnerability in Essential Addons for Elementor WordPress plugin exposes sensitive system information to unauthorized users. Attackers can retrie...

HCL Traveler for Windows exposes internal file paths in error messages or debug logs, potentially revealing sensitive directory structures. This affec...

The WordPress Our Team Members plugin versions up to 2.2 expose sensitive system information to unauthorized users. This vulnerability allows attacker...

The Bowo System Dashboard WordPress plugin exposes sensitive system information to unauthorized users due to misconfigured access controls. This vulne...

This vulnerability in Synapse's Sliding Sync feature allows users who have left a room to still receive partial room state updates, potentially exposi...

This vulnerability in NSD570 allows any authenticated user to access all device logs, potentially exposing login information with timestamps. This aff...

This vulnerability in IBM Concert Software allows authenticated users to access sensitive information that could facilitate further attacks. It affect...

This vulnerability in IBM Jazz Reporting Service allows authenticated users on the same network to access sensitive information from other projects on...

This vulnerability in IBM Aspera Faspex 5 allows authenticated users to enumerate sensitive information by discovering package identifiers. It affects...

An authenticated administrator in Palo Alto Networks PAN-OS software can view session tokens of users logged into the firewall web UI, potentially ena...

CVE-2025-13651 is an information disclosure vulnerability in Microcom ZeusWeb version 6.1.31 that allows unauthorized attackers to fingerprint the web...

This vulnerability in Yokogawa's FAST/TOOLS software exposes physical file paths on web pages, potentially revealing sensitive system information. Att...

CVE-2025-59098 is an unauthenticated, unencrypted TCP socket vulnerability in dormakaba Access Manager that broadcasts sensitive debug information inc...

This vulnerability allows attackers to access sensitive files containing clear-text credentials and valuable information on charging systems. It affec...

This vulnerability in Sharp Display Solutions projectors allows unauthorized attackers to access the HTTP server interface and execute arbitrary actio...