Show CWE-200: Information Exposure

	Topic	Date	Author
Med.	TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write	14.11.2024	Filip Palian
High	Plantronics Hub 3.25.1 Arbitrary File Read	16.05.2024	Alaa Kachouh
High	Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read	11.03.2024	Youssef Muhammad
Med.	Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read	29.01.2024	binganao
Med.	Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read	19.08.2023	Hank Leininger
Med.	OX App Suite SSRF / SQL Injection / Cross Site Scripting	03.08.2023	Mehmet Ince
High	Bludit < 3.13.1 Backup Plugin Arbitrary File Download (Authenticated)	11.07.2023	Antonio Cuomo (arkanto...
Med.	OX App Suite XSS / Information Disclosure / Authorization Bypass	09.05.2023	Martin Heiland
Med.	SecurePoint UTM 12.x Session ID Leak	18.04.2023	Julien Ahrens
Low	MiniDVBLinux 5.4 Arbitrary File Read	18.10.2022	LiquidWorm
High	Active eCommerce CMS 6.3.0 Arbitrary File Download	28.09.2022	th3d1gger
High	WordPress BackupBuddy 8.7.4.1 Arbitrary File Read	07.09.2022	Anonymouse
Low	SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure	22.06.2022	Yvan Genuer
Med.	Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure	06.06.2022	Julien Ahrens
High	WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read	24.03.2022	Hassan Khan Yusufzai
High	TermTalk Server 3.24.0.2 Arbitrary File Read	05.01.2022	Fabiano Golluscio
High	Oliver Library Server v5 Arbitrary File Download	19.12.2021	Mandeep Singh, Ishaan ...
Med.	Grafana 8.3.0 Directory Traversal / Arbitrary File Read	09.12.2021	s1gh
High	TestLink 1.19 Arbitrary File Download	09.12.2021	Gonzalo Villegas
Med.	WordPress DZS Zoomsounds 6.45 Arbitrary File Read	05.12.2021	Uriel Yochpaz
High	WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)	03.12.2021	Uriel Yochpaz
High	Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download	16.11.2021	Rizal Muhammed
Med.	SAP Enterprise Portal Sensitive Data Disclosure	23.10.2021	Yvan Genuer
High	WordPress Duplicator 1.3.26 Arbitrary File Read	18.10.2021	nam3lum
High	Atlassian Confluence Server 7.5.1 Arbitrary File Read	06.10.2021	Mayank Deshmukh
Med.	WordPress BulletProof Security 5.1 Information Disclosure	06.10.2021	Ron Jost
Med.	Longjing Technology BEMS API 1.21 Remote Arbitrary File Download	30.07.2021	LiquidWorm
High	ES File Explorer 4.1.9.7.4 Arbitrary File Read	29.06.2021	Nehal Zaman
Med.	SAP Hybris eCommerce Information Disclosure	15.06.2021	Gaston Traberg
High	Hasura GraphQL 1.3.3 Arbitrary File Read	22.04.2021	Dolev Farhi
High	Novel Boutique House-plus 3.5.1 Arbitrary File Download	29.03.2021	tuyiqiang
Med.	Apache Flink 1.11.0 Unauthenticated Arbitrary File Read (Metasploit)	14.01.2021	Suncsr
Med.	Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal	08.01.2021	SunCSR
Med.	WordPress Plugin W3 Total Cache Unauthenticated Arbitrary File Read (Metasploit)	06.01.2021	SunCSR
Med.	URVE Software Build 24.03.2020 Information Disclosure	30.12.2020	Erik Steltzner
Med.	Wordpress Plugin Duplicator 1.3.26 Unauthenticated Arbitrary File Read (Metasploit)	18.12.2020	Nguyen
High	Gitlab 12.9.0 Arbitrary File Read (Authenticated)	19.11.2020	Jasper Rasenberg
Low	Amazon Web Services - Database Disclosure (Sensitive Information)	13.09.2020	Gh05t666nero
Med.	HelloWeb 2.0 Arbitrary File Download	11.07.2020	bRpsd
High	jizhi CMS 1.6.7 Arbitrary File Download	21.04.2020	iej1ctk1g
High	Webtateas 2.0 Arbitrary File Read	15.04.2020	CBIITMC
Low	UniSharp Laravel File Manager 2.0.0 Arbitrary File Read	04.03.2020	NgoAnhDuc
Low	Antiprizuv Form-Data Log Emails Information Disclosure	26.12.2019	L4663r666h05t
High	IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read	03.09.2019	Todor Donev
Med.	Joomla JS Support Ticket 1.1.5 Arbitrary File Download	09.08.2019	qw3rTyTy
Med.	DuckSell 3.0.0 Database Disclosure	10.06.2019	KingSkrupellos
Med.	SmartLIB Library Software Database Disclosure	03.06.2019	KingSkrupellos
Med.	OpenEvSys Software 2.2 Database Disclosure	02.06.2019	KingSkrupellos
Med.	Open-EMR HealthCare Software 5.0.1 Database Disclosure	02.06.2019	KingSkrupellos
Med.	GinoCMS Software 2.x Database Disclosure	02.06.2019	KingSkrupellos
Med.	OCSInventory-NG Software CMS 2.6 RC Database Disclosure	02.06.2019	KingSkrupellos
Med.	AgniCMS 1.6 Database Disclosure	02.06.2019	KingSkrupellos
Low	Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure	28.04.2019	Cisco Talos
Low	Sierra Wireless AirLink ES450 ACEManager Information Disclosure	28.04.2019	Cisco Talos
Med.	RingsDB Software 1.0.0 Database Disclosure	20.04.2019	KingSkrupellos
Med.	NIT-Warangal Dispensary Management System India 1.0 Database Disclosure	17.04.2019	KingSkrupellos
Med.	CyberShadeCMS v1 Database Disclosure	14.04.2019	KingSkrupellos
Med.	PragyanCMS 3.0 Beta Database Disclosure	14.04.2019	KingSkrupellos
Med.	TarichiCMS Web Publishing System v2 Database Disclosure	14.04.2019	KingSkrupellos
Med.	Opus Online Placement University System 4.2.0 Database Disclosure	12.04.2019	KingSkrupellos
Med.	OrangeScrum Project Management Software 1.6.1 Database Disclosure	12.04.2019	KingSkrupellos
Med.	Gibbonedu The Flexible School Platform 17.0.00 Database Disclosure	12.04.2019	KingSkrupellos
Med.	JobSkee Open Source JobBoard 1.1.3 Database Disclosure	12.04.2019	KingSkrupellos
Med.	MajorDoMo Domestic Module Database Disclosure	10.04.2019	KingSkrupellos
High	Themosis Framework BookStore 1.3.0 Database Disclosure	10.04.2019	KingSkrupellos
High	NekoCMS 2.5 Database Disclosure	10.04.2019	KingSkrupellos
High	YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure	10.04.2019	KingSkrupellos
Med.	Norbye CMS Database Disclosure	10.04.2019	KingSkrupellos
Med.	Nova CMS Software 3.77.3 Database Disclosure	08.04.2019	KingSkrupellos
Med.	NeoFragCMS Alpha 0.2.1 Database Disclosure	05.04.2019	KingSkrupellos
High	TheDayLightStudio GetFuelCMS 0.9.3 Database Disclosure	05.04.2019	KingSkrupellos
High	YonaCMS Software 1.3.2 Database Disclosure	05.04.2019	KingSkrupellos
Med.	Senayan Slims Meranti 5 Database Disclosure	04.04.2019	KingSkrupellos
Med.	ClipBucket 2.6 Database Disclosure	04.04.2019	KingSkrupellos
Med.	Luya CMS 1.0.0 Database Disclosure	04.04.2019	KingSkrupellos
Med.	OpenMonero MyMonero 1.1.9 Database Disclosure	04.04.2019	KingSkrupellos
Med.	RainCMS Alpha 1.0 Database Disclosure	04.04.2019	KingSkrupellos
Med.	Complaint Management System CMS 4.0.4.1 Database Disclosure	04.04.2019	KingSkrupellos
Med.	Mash Project Integrated 4.2.7.1 Database Disclosure Exploit	02.04.2019	KingSkrupellos
Med.	DataWrapper ProtoType 0.8 Database Disclosure Exploit	02.04.2019	KingSkrupellos
Med.	Ektron CMS 9 Database Disclosure Exploit	02.04.2019	KingSkrupellos
Med.	Shinobi Security Software 1.0 Database Disclosure Exploit	02.04.2019	KingSkrupellos
High	WordPress Ultimate Form Builder Plugins 1.0 Database Disclosure	28.03.2019	KingSkrupellos
Med.	WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure	27.03.2019	KingSkrupellos
Med.	Independent University of Bangladesh IUB Database Disclosure	22.03.2019	KingSkrupellos
Med.	F3-CMS FatFreeFramework 0.0.1 Database Disclosure	15.02.2019	KingSkrupellos
High	WordPress Ad Manager WD 1.0.11 Arbitrary File Download	29.01.2019	41!kh4224rDz
Med.	Papoo CMS PKalender Plugins 3.5 Database Disclosure	28.01.2019	KingSkrupellos
Med.	Joomla RSFirewall Components 2.11.25 Database and Password Disclosure	25.01.2019	KingSkrupellos
Med.	Joomla JVFramework Components 1.6.4.0 Database Disclosure	21.01.2019	KingSkrupellos
Med.	Joomla Akeeba Backup Components 6.3.3 Database Disclosure	19.01.2019	KingSkrupellos
Med.	Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection	19.01.2019	KingSkrupellos
Low	Mozilla Firefox 64 Information Disclosure	18.01.2019	Dr. Vladimir Bostanov
Med.	Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure	18.01.2019	KingSkrupellos
Med.	eBrigade ERP 4.5 Arbitrary File Download	11.01.2019	Ozkan Mustafa Akkus
Med.	Typo3 CMS twwc_pages Extension 8.7.x Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS Site Crawler Extension 6.1.2 Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS pw_highslide_gallery Extension 0.3.1 Database Disclosure	04.01.2019	KingSkrupellos

CVEMAP Search Results

CVE

Details

Description

2024-10-23

CVE-2024-9530

Updating...

The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.

2024-10-22

CVE-2024-9541	Updating...	The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
CVE-2024-9627	Updating...	The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot.
CVE-2024-8852	Updating...	The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files.
CVE-2024-50312	Updating...	A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation.

2024-10-19

CVE-2024-9889

Updating...

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.

2024-10-17

	CVE-2024-7417	Updating...	The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.
	CVE-2024-49284	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1.

2024-10-16

	CVE-2024-9540	Updating...	The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
	CVE-2017-20194	Updating...	The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.

14.11.2024

16.05.2024

11.03.2024

29.01.2024

19.08.2023

03.08.2023

11.07.2023

09.05.2023

18.04.2023

18.10.2022

28.09.2022

07.09.2022

22.06.2022

06.06.2022

24.03.2022

05.01.2022

19.12.2021

09.12.2021

09.12.2021

05.12.2021

03.12.2021

16.11.2021

23.10.2021

18.10.2021

06.10.2021

06.10.2021

30.07.2021

29.06.2021

15.06.2021

22.04.2021

29.03.2021

14.01.2021

08.01.2021

06.01.2021

30.12.2020

18.12.2020

19.11.2020

13.09.2020

11.07.2020

21.04.2020

15.04.2020

04.03.2020

26.12.2019

03.09.2019

09.08.2019

10.06.2019

03.06.2019

02.06.2019

02.06.2019

02.06.2019

02.06.2019

02.06.2019

28.04.2019

28.04.2019

20.04.2019

17.04.2019

14.04.2019

14.04.2019

14.04.2019

12.04.2019

12.04.2019

12.04.2019

12.04.2019

10.04.2019

10.04.2019

10.04.2019

10.04.2019

10.04.2019

08.04.2019

05.04.2019

05.04.2019

05.04.2019

04.04.2019

04.04.2019

04.04.2019