CWE-1295
21 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-1295
- CVE-2021-25476 | MEDIUM | CVSS 4.1 | EG 4.4 | 2021-10-06
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
- CVE-2021-31412 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-06-24
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 thro…
- CVE-2022-27597 | LOW | CVSS 2.7 | EG 4.3 | 2023-03-29
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating …
- CVE-2022-34364 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-02-10
Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
- CVE-2023-28077 | MEDIUM | CVSS 4.4 | EG 4.4 | 2024-02-10
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
- CVE-2023-4215 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-10-17
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
- CVE-2023-5392 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-11
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notificat…
- CVE-2024-11217 | MEDIUM | CVSS 4.9 | EG 4.9 | 2024-11-15
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.
- CVE-2024-27179 | MEDIUM | CVSS 4.7 | EG 4.7 | 2024-06-14
Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.
- CVE-2024-38516 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-25
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.2…
- CVE-2024-45784 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-15
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables…
- CVE-2025-1053 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-02-14
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use t…
- CVE-2025-12910 | MEDIUM | CVSS 6.2 | EG 6.2 | 2025-11-08
Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)
- CVE-2025-20643 | LOW | CVSS 3.9 | EG 5.7 | 2025-02-03
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege.…
- CVE-2025-2469 | LOW | CVSS 3.7 | EG 3.7 | 2025-04-10
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.
- CVE-2025-2877 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-28
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "…
- CVE-2025-31001 | HIGH | CVSS 7.5 | EG 7.5 | 2025-04-01
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through <= 2.4.0.
- CVE-2025-35031 | LOW | CVSS 3.3 | EG 3.3 | 2025-09-29
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This i…
- CVE-2025-42604 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-04-23
This vulnerability exists in Meon KYC solutions due to debug mode being enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as…
- CVE-2025-46775 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-11-18
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated us…
- CVE-2025-59109 | MEDIUM | CVSS 5.1 | EG 0.0 | 2026-01-26
The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are ex…