CWE-497— Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.— MITRE CWE catalog
338 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-497page 6 of 7
- CVE-2025-67470MEDIUMCVSS 4.3EG 4.32025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: f…
- CVE-2025-67546MEDIUMCVSS 6.5EG 6.52025-12-18
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.
- CVE-2025-67564MEDIUMCVSS 5.3EG 5.32025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects P…
- CVE-2025-67565MEDIUMCVSS 5.3EG 5.32025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1.
- CVE-2025-67567MEDIUMCVSS 5.3EG 5.32025-12-09
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11.
- CVE-2025-67621MEDIUMCVSS 4.3EG 7.52025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Wo…
- CVE-2025-6769MEDIUMCVSS 4.3EG 4.32025-09-12
An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing r…
- CVE-2025-67717MEDIUMCVSS 4.3EG 4.32025-12-11
ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this doe…
- CVE-2025-67948MEDIUMCVSS 4.3EG 4.32025-12-16
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects Send…
- CVE-2025-67954MEDIUMCVSS 6.5EG 6.52026-01-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a …
- CVE-2025-68046MEDIUMCVSS 6.5EG 6.52026-01-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Le…
- CVE-2025-68494MEDIUMCVSS 5.3EG 7.52025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elem…
- CVE-2025-68551MEDIUMCVSS 6.5EG 6.52025-12-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm v-form allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from n/a through <= 3.2.24.
- CVE-2025-68576MEDIUMCVSS 4.3EG 7.52025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.
- CVE-2025-68606MEDIUMCVSS 5.3EG 7.52025-12-24
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.
- CVE-2025-68943MEDIUMCVSS 5.3EG 5.32025-12-26
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
- CVE-2025-68988MEDIUMCVSS 5.3EG 7.52025-12-30
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a throug…
- CVE-2025-69025MEDIUMCVSS 4.3EG 4.32025-12-30
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a through <= 1.0.20.
- CVE-2025-69026MEDIUMCVSS 4.3EG 4.32025-12-30
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.
- CVE-2025-7381MEDIUMCVSS 5.3EG 5.32025-07-09
ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potent…
- CVE-2025-8597MEDIUMCVSS 4.8EG 4.82025-08-26
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the proc…
- CVE-2025-8700MEDIUMCVSS 4.8EG 4.82025-08-26
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify t…
- CVE-2025-9110HIGHCVSS 7.5EG 7.52026-01-02
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application dat…
- CVE-2025-9364HIGHCVSS 8.8EG 8.82025-09-09
An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.
- CVE-2025-9986HIGHCVSS 8.2EG 8.22026-02-11
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.
- CVE-2026-0239MEDIUMCVSS 4.9EG 4.92026-05-13
An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.
- CVE-2026-0240MEDIUMCVSS 4.5EG 4.52026-05-13
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any …
- CVE-2026-0466MEDIUMCVSS 5.5EG 5.52026-06-09
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
- CVE-2026-0494MEDIUMCVSS 4.3EG 4.32026-01-13
Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and a…
- CVE-2026-0853MEDIUMCVSS 5.3EG 5.32026-01-12
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information.
- CVE-2026-0887MEDIUMCVSS 4.3EG 5.32026-01-13
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- CVE-2026-14808CRITICALCVSS 9.8EG 9.82026-07-06
Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password.
- CVE-2026-22537MEDIUMCVSS 6.8EG 6.82026-01-07
The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker.
- CVE-2026-22915MEDIUMCVSS 4.3EG 4.32026-01-15
An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
- CVE-2026-24222HIGHCVSS 8.6EG 8.62026-04-28
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host …
- CVE-2026-24377MEDIUMCVSS 4.3EG 7.52026-01-22
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through …
- CVE-2026-24523MEDIUMCVSS 5.3EG 7.52026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <…
- CVE-2026-24536MEDIUMCVSS 5.3EG 7.52026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.
- CVE-2026-24553MEDIUMCVSS 4.3EG 4.32026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Dat…
- CVE-2026-24593MEDIUMCVSS 5.3EG 5.32026-01-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: fr…
- CVE-2026-24618MEDIUMCVSS 4.3EG 4.32026-06-12
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4.
- CVE-2026-24998MEDIUMCVSS 5.3EG 5.32026-02-03
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a th…
- CVE-2026-25023MEDIUMCVSS 5.3EG 5.32026-02-03
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Con…
- CVE-2026-25325MEDIUMCVSS 5.3EG 5.32026-02-19
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPr…
- CVE-2026-25344MEDIUMCVSS 6.5EG 6.52026-03-25
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.
- CVE-2026-25389MEDIUMCVSS 5.3EG 5.32026-02-19
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <…
- CVE-2026-25468MEDIUMCVSS 5.3EG 5.32026-05-07
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.
- CVE-2026-27349MEDIUMCVSS 4.3EG 4.32026-05-21
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5.
- CVE-2026-3075MEDIUMCVSS 5.3EG 5.32026-02-23
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data.This issue affects Simple Ajax Chat: from n/a through <= 20251…
- CVE-2026-32372MEDIUMCVSS 5.3EG 5.32026-03-13
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder…
Map vulnerabilities like CWE-497 to your infrastructure
EchelonGraph correlates every CVE — across CWE-497 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →