CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
308 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-497 (page 5 of 7)
- CVE-2025-53364 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-07-10
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema witho…
- CVE-2025-53862 | LOW | CVSS 3.5 | EG 3.5 | 2025-07-11
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.
- CVE-2025-5416 | LOW | CVSS 2.7 | EG 2.7 | 2025-06-20
A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment informa…
- CVE-2025-54422 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-29
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox crea…
- CVE-2025-54459 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-29
Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request m…
- CVE-2025-54736 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-14
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through <= 3.0.8.
- CVE-2025-57888 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster noo-jobmonster allows Retrieve Embedded Sensitive Data. This issue affects Jobmonster: from n/a through <= 4.8.0.
- CVE-2025-57916 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information wp-system-info allows Retrieve Embedded Sensitive Data. This issue affects WP System Information: from n/a through …
- CVE-2025-57937 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through…
- CVE-2025-58007 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data. This issue affects Hubbub Lite: from n/a through <= 1.35.2.
- CVE-2025-58015 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through <= 6.7.0.65.
- CVE-2025-58579 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-06
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration.
- CVE-2025-58583 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-06
The application provides access to a login-protected H2 database for caching purposes. The username is prefilled.
- CVE-2025-58585 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-06
Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
- CVE-2025-58797 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-05
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts ninja-charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through <= 3.3.5.
- CVE-2025-58866 | LOW | CVSS 2.7 | EG 2.7 | 2025-09-05
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data. This issue affects Site Info: from n/a through <= 1.1.
- CVE-2025-5893 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-06-09
Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
- CVE-2025-59098 | HIGH | CVSS 8.7 | EG 0.0 | 2026-01-26
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web…
- CVE-2025-59447 | LOW | CVSS 2.2 | EG 2.2 | 2025-10-06
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials.
- CVE-2025-59575 | MEDIUM | CVSS 4.9 | EG 5.0 | 2025-10-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data. This issue affects MasterStudy LMS: fro…
- CVE-2025-59582 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through <= 7.6.0.2.
- CVE-2025-60092 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-26
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through <= 3.3.25.
- CVE-2025-60119 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-26
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through <= 3.3.11.
- CVE-2025-60167 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-26
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor:…
- CVE-2025-62083 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-31
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon coming-soon-by-boomdevs allows Retrieve Embedded Sensitive Data. This issue affects BoomDevs WordPress Com…
- CVE-2025-62114 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-31
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data. This issue affects Download Media Library: from…
- CVE-2025-62143 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-31
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Retrieve Embedded Sensitive Data. This issue affects Post Video Players: from n…
- CVE-2025-62524 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-10-27
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This…
- CVE-2025-62735 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data. This issue affects User Spam Remover: from n/a through <= 1.1.
- CVE-2025-62737 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data. This issue affects Image Cleanup: from n/a through <= 1.9.2.
- CVE-2025-62902 | MEDIUM | CVSS 5.3 | EG 7.5 | 2025-10-27
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data. This issue affects WP Popup Builder: from n/a through <= 1.3.8.
- CVE-2025-62955 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-21
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Retrieve Embedded Sensitive Data. This issue affects TempTool [Show C…
- CVE-2025-63009 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data. This issue affects WP Google Analytics Events:…
- CVE-2025-63013 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data. This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
- CVE-2025-63051 | MEDIUM | CVSS 4.3 | EG 7.5 | 2026-01-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data. This issue affects REHub Framework: from n/a through < 19.9.9.4.
- CVE-2025-63058 | MEDIUM | CVSS 4.3 | EG 4.4 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data. This issue affects Custom Field Template: fro…
- CVE-2025-63070 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through <= 3.3.32.
- CVE-2025-6390 | MEDIUM | CVSS 4.4 | EG 4.4 | 2025-07-10
Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SAN…
- CVE-2025-64061 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-11-25
Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged user…
- CVE-2025-64228 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-10-29
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data. This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.…
- CVE-2025-64258 | HIGH | CVSS 7.5 | EG 7.5 | 2025-12-18
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data. This issue affects Follow My Blog Post: from n/a through <= 2…
- CVE-2025-64267 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-11-13
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data. This issue affects…
- CVE-2025-64270 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-12-18
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data. This issue affects Masteriyo - LMS: from n/a through <…
- CVE-2025-64272 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-12-18
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data. This issue affects E…
- CVE-2025-6561 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-06-26
Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext…
- CVE-2025-66056 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-11-21
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data. This issue affects Uncanny Automator: from n/a through < 6.…
- CVE-2025-66059 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-11-21
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data. This issue affects Seriously Simple Po…
- CVE-2025-66599 | MEDIUM | CVSS 6.9 | EG 0.0 | 2026-02-09
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and v…
- CVE-2025-67470 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data. This issue affects Portfolio and Projects: f…
- CVE-2025-67546 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-12-18
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data. This issue affects WP ERP: from n/a through <= 1.16.6.