Loading...
Loading...
8,715 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 20065…
IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780.
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive inf…
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.
Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon…
Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount o…
Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue a…
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to un…
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens t…
Microsoft SharePoint Information Disclosure Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft Excel Information Disclosure Vulnerability
Microsoft Office Information Disclosure Vulnerability
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker wi…
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information s…
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP res…
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to d…
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The Special:AbuseFilter/examine form allowed for the disclosure of suppressed MediaWiki usernames to unprivileged users.
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downl…
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
3D Viewer Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Bind Filter Driver Information Disclosure Vulnerability
Event Tracing for Windows Information Disclosure Vulnerability
Server for NFS Information Disclosure Vulnerability
Server for NFS Information Disclosure Vulnerability
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions …
This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers.
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to …
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentia…
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related co…
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four …
EchelonGraph correlates every CVE — across CWE-200 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →