CWE-612
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-612
- CVE-2022-22565 | MEDIUM | CVSS 4.7 | EG 3.8 | 2022-04-12
Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modificat…
- CVE-2022-35980 | HIGH | CVSS 7.5 | EG 7.5 | 2022-08-12
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch…
- CVE-2022-41918 | MEDIUM | CVSS 6.3 | EG 6.3 | 2022-11-15
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are…
- CVE-2023-2260 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-24
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
- CVE-2023-4560 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-28
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
- CVE-2024-25635 | HIGH | CVSS 8.8 | EG 8.8 | 2024-02-19
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` en…
- CVE-2024-49071 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-12
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
- CVE-2025-3653 | HIGH | CVSS 7.3 | EG 7.3 | 2026-01-04
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can con…
- CVE-2025-3654 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-04
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device se…
- CVE-2025-3660 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-04
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send reques…
- CVE-2025-57756 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-28
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue…