Show CWE-200: Information Exposure

	Topic	Date	Author
High	Plantronics Hub 3.25.1 Arbitrary File Read	16.05.2024	Alaa Kachouh
High	Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read	11.03.2024	Youssef Muhammad
Med.	Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read	29.01.2024	binganao
Med.	Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read	19.08.2023	Hank Leininger
Med.	OX App Suite SSRF / SQL Injection / Cross Site Scripting	03.08.2023	Mehmet Ince
High	Bludit < 3.13.1 Backup Plugin Arbitrary File Download (Authenticated)	11.07.2023	Antonio Cuomo (arkanto...
Med.	OX App Suite XSS / Information Disclosure / Authorization Bypass	09.05.2023	Martin Heiland
Med.	SecurePoint UTM 12.x Session ID Leak	18.04.2023	Julien Ahrens
Low	MiniDVBLinux 5.4 Arbitrary File Read	18.10.2022	LiquidWorm
High	Active eCommerce CMS 6.3.0 Arbitrary File Download	28.09.2022	th3d1gger
High	WordPress BackupBuddy 8.7.4.1 Arbitrary File Read	07.09.2022	Anonymouse
Low	SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure	22.06.2022	Yvan Genuer
Med.	Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure	06.06.2022	Julien Ahrens
High	WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read	24.03.2022	Hassan Khan Yusufzai
High	TermTalk Server 3.24.0.2 Arbitrary File Read	05.01.2022	Fabiano Golluscio
High	Oliver Library Server v5 Arbitrary File Download	19.12.2021	Mandeep Singh, Ishaan ...
Med.	Grafana 8.3.0 Directory Traversal / Arbitrary File Read	09.12.2021	s1gh
High	TestLink 1.19 Arbitrary File Download	09.12.2021	Gonzalo Villegas
Med.	WordPress DZS Zoomsounds 6.45 Arbitrary File Read	05.12.2021	Uriel Yochpaz
High	WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)	03.12.2021	Uriel Yochpaz
High	Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download	16.11.2021	Rizal Muhammed
Med.	SAP Enterprise Portal Sensitive Data Disclosure	23.10.2021	Yvan Genuer
High	WordPress Duplicator 1.3.26 Arbitrary File Read	18.10.2021	nam3lum
High	Atlassian Confluence Server 7.5.1 Arbitrary File Read	06.10.2021	Mayank Deshmukh
Med.	WordPress BulletProof Security 5.1 Information Disclosure	06.10.2021	Ron Jost
Med.	Longjing Technology BEMS API 1.21 Remote Arbitrary File Download	30.07.2021	LiquidWorm
High	ES File Explorer 4.1.9.7.4 Arbitrary File Read	29.06.2021	Nehal Zaman
Med.	SAP Hybris eCommerce Information Disclosure	15.06.2021	Gaston Traberg
High	Hasura GraphQL 1.3.3 Arbitrary File Read	22.04.2021	Dolev Farhi
High	Novel Boutique House-plus 3.5.1 Arbitrary File Download	29.03.2021	tuyiqiang
Med.	Apache Flink 1.11.0 Unauthenticated Arbitrary File Read (Metasploit)	14.01.2021	Suncsr
Med.	Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal	08.01.2021	SunCSR
Med.	WordPress Plugin W3 Total Cache Unauthenticated Arbitrary File Read (Metasploit)	06.01.2021	SunCSR
Med.	URVE Software Build 24.03.2020 Information Disclosure	30.12.2020	Erik Steltzner
Med.	Wordpress Plugin Duplicator 1.3.26 Unauthenticated Arbitrary File Read (Metasploit)	18.12.2020	Nguyen
High	Gitlab 12.9.0 Arbitrary File Read (Authenticated)	19.11.2020	Jasper Rasenberg
Low	Amazon Web Services - Database Disclosure (Sensitive Information)	13.09.2020	Gh05t666nero
Med.	HelloWeb 2.0 Arbitrary File Download	11.07.2020	bRpsd
High	jizhi CMS 1.6.7 Arbitrary File Download	21.04.2020	iej1ctk1g
High	Webtateas 2.0 Arbitrary File Read	15.04.2020	CBIITMC
Low	UniSharp Laravel File Manager 2.0.0 Arbitrary File Read	04.03.2020	NgoAnhDuc
Low	Antiprizuv Form-Data Log Emails Information Disclosure	26.12.2019	L4663r666h05t
High	IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read	03.09.2019	Todor Donev
Med.	Joomla JS Support Ticket 1.1.5 Arbitrary File Download	09.08.2019	qw3rTyTy
Med.	DuckSell 3.0.0 Database Disclosure	10.06.2019	KingSkrupellos
Med.	SmartLIB Library Software Database Disclosure	03.06.2019	KingSkrupellos
Med.	OpenEvSys Software 2.2 Database Disclosure	02.06.2019	KingSkrupellos
Med.	Open-EMR HealthCare Software 5.0.1 Database Disclosure	02.06.2019	KingSkrupellos
Med.	GinoCMS Software 2.x Database Disclosure	02.06.2019	KingSkrupellos
Med.	OCSInventory-NG Software CMS 2.6 RC Database Disclosure	02.06.2019	KingSkrupellos
Med.	AgniCMS 1.6 Database Disclosure	02.06.2019	KingSkrupellos
Low	Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure	28.04.2019	Cisco Talos
Low	Sierra Wireless AirLink ES450 ACEManager Information Disclosure	28.04.2019	Cisco Talos
Med.	RingsDB Software 1.0.0 Database Disclosure	20.04.2019	KingSkrupellos
Med.	NIT-Warangal Dispensary Management System India 1.0 Database Disclosure	17.04.2019	KingSkrupellos
Med.	CyberShadeCMS v1 Database Disclosure	14.04.2019	KingSkrupellos
Med.	PragyanCMS 3.0 Beta Database Disclosure	14.04.2019	KingSkrupellos
Med.	TarichiCMS Web Publishing System v2 Database Disclosure	14.04.2019	KingSkrupellos
Med.	Opus Online Placement University System 4.2.0 Database Disclosure	12.04.2019	KingSkrupellos
Med.	OrangeScrum Project Management Software 1.6.1 Database Disclosure	12.04.2019	KingSkrupellos
Med.	Gibbonedu The Flexible School Platform 17.0.00 Database Disclosure	12.04.2019	KingSkrupellos
Med.	JobSkee Open Source JobBoard 1.1.3 Database Disclosure	12.04.2019	KingSkrupellos
Med.	MajorDoMo Domestic Module Database Disclosure	10.04.2019	KingSkrupellos
High	Themosis Framework BookStore 1.3.0 Database Disclosure	10.04.2019	KingSkrupellos
High	NekoCMS 2.5 Database Disclosure	10.04.2019	KingSkrupellos
High	YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure	10.04.2019	KingSkrupellos
Med.	Norbye CMS Database Disclosure	10.04.2019	KingSkrupellos
Med.	Nova CMS Software 3.77.3 Database Disclosure	08.04.2019	KingSkrupellos
Med.	NeoFragCMS Alpha 0.2.1 Database Disclosure	05.04.2019	KingSkrupellos
High	TheDayLightStudio GetFuelCMS 0.9.3 Database Disclosure	05.04.2019	KingSkrupellos
High	YonaCMS Software 1.3.2 Database Disclosure	05.04.2019	KingSkrupellos
Med.	Senayan Slims Meranti 5 Database Disclosure	04.04.2019	KingSkrupellos
Med.	ClipBucket 2.6 Database Disclosure	04.04.2019	KingSkrupellos
Med.	Luya CMS 1.0.0 Database Disclosure	04.04.2019	KingSkrupellos
Med.	OpenMonero MyMonero 1.1.9 Database Disclosure	04.04.2019	KingSkrupellos
Med.	RainCMS Alpha 1.0 Database Disclosure	04.04.2019	KingSkrupellos
Med.	Complaint Management System CMS 4.0.4.1 Database Disclosure	04.04.2019	KingSkrupellos
Med.	Mash Project Integrated 4.2.7.1 Database Disclosure Exploit	02.04.2019	KingSkrupellos
Med.	DataWrapper ProtoType 0.8 Database Disclosure Exploit	02.04.2019	KingSkrupellos
Med.	Ektron CMS 9 Database Disclosure Exploit	02.04.2019	KingSkrupellos
Med.	Shinobi Security Software 1.0 Database Disclosure Exploit	02.04.2019	KingSkrupellos
High	WordPress Ultimate Form Builder Plugins 1.0 Database Disclosure	28.03.2019	KingSkrupellos
Med.	WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure	27.03.2019	KingSkrupellos
Med.	Independent University of Bangladesh IUB Database Disclosure	22.03.2019	KingSkrupellos
Med.	F3-CMS FatFreeFramework 0.0.1 Database Disclosure	15.02.2019	KingSkrupellos
High	WordPress Ad Manager WD 1.0.11 Arbitrary File Download	29.01.2019	41!kh4224rDz
Med.	Papoo CMS PKalender Plugins 3.5 Database Disclosure	28.01.2019	KingSkrupellos
Med.	Joomla RSFirewall Components 2.11.25 Database and Password Disclosure	25.01.2019	KingSkrupellos
Med.	Joomla JVFramework Components 1.6.4.0 Database Disclosure	21.01.2019	KingSkrupellos
Med.	Joomla Akeeba Backup Components 6.3.3 Database Disclosure	19.01.2019	KingSkrupellos
Med.	Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection	19.01.2019	KingSkrupellos
Low	Mozilla Firefox 64 Information Disclosure	18.01.2019	Dr. Vladimir Bostanov
Med.	Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure	18.01.2019	KingSkrupellos
Med.	eBrigade ERP 4.5 Arbitrary File Download	11.01.2019	Ozkan Mustafa Akkus
Med.	Typo3 CMS twwc_pages Extension 8.7.x Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS Site Crawler Extension 6.1.2 Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure	04.01.2019	KingSkrupellos
Med.	Typo3 CMS pw_highslide_gallery Extension 0.3.1 Database Disclosure	04.01.2019	KingSkrupellos
Med.	PrestaShop PM_ModalCart Modules 1.6.1.4 Database Disclosure	01.01.2019	KingSkrupellos

CVEMAP Search Results

CVE

Details

Description

2024-07-26

CVE-2024-7128

Updating...

A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.

2024-07-22

CVE-2024-23321

Updating...

For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0.

2024-07-18

CVE-2023-40159

Updating...

A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.

2024-07-15

CVE-2024-6398

Updating...

An information disclosure vulnerability in SWG in versions 12.x prior to 12.2.10 and 11.x prior to 11.2.24 allows information stored in a customizable block page to be disclosed to third-party websites due to Same Origin Policy Bypass of browsers in certain scenarios. The risk is low, because other recommended default security policies such as URL categorization and GTI are in place in most policies to block access to uncategorized/high risk websites. Any information disclosed depends on how the customers have customized the block pages.

2024-07-11

CVE-2024-6407

Updating...

CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.

2024-07-10

CVE-2024-6421	Updating...	An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.
CVE-2024-6646	Updating...	A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-37504	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6.
CVE-2024-37115	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8.
CVE-2024-37113	Updating...	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.

16.05.2024

11.03.2024

29.01.2024

19.08.2023

03.08.2023

11.07.2023

09.05.2023

18.04.2023

18.10.2022

28.09.2022

07.09.2022

22.06.2022

06.06.2022

24.03.2022

05.01.2022

19.12.2021

09.12.2021

09.12.2021

05.12.2021

03.12.2021

16.11.2021

23.10.2021

18.10.2021

06.10.2021

06.10.2021

30.07.2021

29.06.2021

15.06.2021

22.04.2021

29.03.2021

14.01.2021

08.01.2021

06.01.2021

30.12.2020

18.12.2020

19.11.2020

13.09.2020

11.07.2020

21.04.2020

15.04.2020

04.03.2020

26.12.2019

03.09.2019

09.08.2019

10.06.2019

03.06.2019

02.06.2019

02.06.2019

02.06.2019

02.06.2019

02.06.2019

28.04.2019

28.04.2019

20.04.2019

17.04.2019

14.04.2019

14.04.2019

14.04.2019

12.04.2019

12.04.2019

12.04.2019

12.04.2019

10.04.2019

10.04.2019

10.04.2019

10.04.2019

10.04.2019

08.04.2019

05.04.2019

05.04.2019

05.04.2019

04.04.2019

04.04.2019

04.04.2019

04.04.2019