CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
308 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-497 (page 6 of 7)
- CVE-2025-67564 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data. This issue affects P…
- CVE-2025-67565 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data. This issue affects Rehub: from n/a through <= 19.9.9.1.
- CVE-2025-67567 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data. This issue affects Sober: from n/a through <= 3.5.11.
- CVE-2025-67621 | MEDIUM | CVSS 4.3 | EG 7.5 | 2025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data. This issue affects Eight Day Week Print Wo…
- CVE-2025-6769 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-12
An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing r…
- CVE-2025-67717 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-11
ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this doe…
- CVE-2025-67948 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-16
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data. This issue affects Send…
- CVE-2025-67954 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data. This issue affects Salon booking system: from n/a …
- CVE-2025-68046 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data. This issue affects Contact Form & Le…
- CVE-2025-68494 | MEDIUM | CVSS 5.3 | EG 7.5 | 2025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data. This issue affects Premium Addons for Elem…
- CVE-2025-68551 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-12-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm v-form allows Retrieve Embedded Sensitive Data. This issue affects VPSUForm: from n/a through <= 3.2.24.
- CVE-2025-68576 | MEDIUM | CVSS 4.3 | EG 7.5 | 2025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data. This issue affects Virusdie: from n/a through <= 1.1.6.
- CVE-2025-68606 | MEDIUM | CVSS 5.3 | EG 7.5 | 2025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data. This issue affects PostX: from n/a through <= 5.0.3.
- CVE-2025-68943 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-26
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
- CVE-2025-68988 | MEDIUM | CVSS 5.3 | EG 7.5 | 2025-12-30
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data. This issue affects E-Invoice App Malaysia: from n/a throug…
- CVE-2025-69025 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-30
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data. This issue affects Poptics: from n/a through <= 1.0.20.
- CVE-2025-69026 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-30
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data. This issue affects PopupKit: from n/a through <= 2.1.5.
- CVE-2025-7381 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-07-09
Impact: This is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potent…
- CVE-2025-8597 | MEDIUM | CVSS 4.8 | EG 0.0 | 2025-08-26
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the proc…
- CVE-2025-8700 | MEDIUM | CVSS 4.8 | EG 0.0 | 2025-08-26
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify t…
- CVE-2025-9110 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-02
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application dat…
- CVE-2025-9364 | HIGH | CVSS 8.8 | EG 8.8 | 2025-09-09
An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.
- CVE-2025-9986 | HIGH | CVSS 8.2 | EG 8.2 | 2026-02-11
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.
- CVE-2026-0239 | MEDIUM | CVSS 4.9 | EG 4.9 | 2026-05-13
An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.
- CVE-2026-0240 | MEDIUM | CVSS 4.5 | EG 4.5 | 2026-05-13
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any …
- CVE-2026-0494 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-01-13
Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and a…
- CVE-2026-0853 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-12
Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information.
- CVE-2026-0887 | MEDIUM | CVSS 4.3 | EG 5.3 | 2026-01-13
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- CVE-2026-22537 | MEDIUM | CVSS 6.8 | EG 0.0 | 2026-01-07
The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker.
- CVE-2026-22915 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-01-15
An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
- CVE-2026-24222 | HIGH | CVSS 8.6 | EG 8.6 | 2026-04-28
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host …
- CVE-2026-24377 | MEDIUM | CVSS 4.3 | EG 7.5 | 2026-01-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through …
- CVE-2026-24523 | MEDIUM | CVSS 5.3 | EG 7.5 | 2026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data. This issue affects WP FullCalendar: from n/a through <…
- CVE-2026-24536 | MEDIUM | CVSS 5.3 | EG 7.5 | 2026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data. This issue affects Webpushr: from n/a through <= 4.38.0.
- CVE-2026-24553 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Dat…
- CVE-2026-24593 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data. This issue affects AWP Classifieds: fr…
- CVE-2026-24998 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-02-03
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a th…
- CVE-2026-25023 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-02-03
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data. This issue affects Run Con…
- CVE-2026-25468 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-05-07
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.
- CVE-2026-27349 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-05-21
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5.
- CVE-2026-33617 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-02
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in some loss of confidentiality, but there is no endpoint exposed to use these credentials.
- CVE-2026-34413 | HIGH | CVSS 8.6 | EG 8.6 | 2026-04-22
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() …
- CVE-2026-39469 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-08
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data. This issue affects PageLayer: from n/a through <= 2.0.8.
- CVE-2026-39516 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-08
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through …
- CVE-2026-39536 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-08
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data. This issue affects RSVP and Event Management: from n/a through <= 2…
- CVE-2026-39566 | MEDIUM | CVSS 4.3 | EG 4.0 | 2026-04-08
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data. This issue affects DirectoryPress: from n/a through <= 3.6.26.
- CVE-2026-39571 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-08
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data. This issue affects Instantio: from n/a through <= 3.3.30.
- CVE-2026-39572 | MEDIUM | CVSS 4.3 | EG 4.0 | 2026-04-08
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data. This issue…
- CVE-2026-39686 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-08
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data. This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
- CVE-2026-41335 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-23
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Co…