CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-170 · CAPEC-694
CVEs mapped to this weakness (213)
page 1 of 11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10264 | Cri | 0.65 | 10.0 | 0.00 | Sep 12, 2025 | Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras. | ||
| CVE-2025-47699 | Cri | 0.64 | 9.9 | 0.00 | Oct 23, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre… | ||
| CVE-2025-6561 | Cri | 0.64 | 9.8 | 0.00 | Jun 26, 2025 | Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. | ||
| CVE-2025-5893 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2025 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. | ||
| CVE-2025-1144 | Cri | 0.64 | 9.8 | 0.00 | Feb 11, 2025 | School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials. | ||
| CVE-2024-36554 | Cri | 0.64 | 9.8 | 0.00 | Feb 6, 2025 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns… | ||
| CVE-2025-11545 | Cri | 0.62 | — | 0.00 | Dec 22, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions. | ||
| CVE-2025-59098 | Hig | 0.57 | — | 0.00 | Jan 26, 2026 | The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the… | ||
| CVE-2022-4985 | Hig | 0.57 | — | 0.00 | Nov 14, 2025 | Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve… | ||
| CVE-2025-12779 | Hig | 0.57 | 8.8 | 0.00 | Nov 5, 2025 | Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be… | ||
| CVE-2025-4364 | — | Hig | 0.57 | — | 0.00 | May 20, 2025 | The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. | |
| CVE-2024-8313 | Hig | 0.57 | — | 0.00 | Mar 25, 2025 | An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration… | ||
| CVE-2024-39675 | — | Hig | 0.57 | 8.8 | 0.00 | Jul 9, 2024 | A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All… | |
| CVE-2026-42047 | Hig | 0.56 | 8.6 | 0.00 | May 7, 2026 | Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host… | ||
| CVE-2026-24222 | Hig | 0.56 | 8.6 | 0.00 | Apr 28, 2026 | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly… | ||
| CVE-2024-12367 | Hig | 0.56 | 8.6 | 0.00 | Sep 16, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the… | ||
| CVE-2025-9986 | Hig | 0.53 | 8.2 | 0.00 | Feb 11, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025. | ||
| CVE-2025-11151 | Hig | 0.53 | 8.2 | 0.00 | Oct 21, 2025 | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects… | ||
| CVE-2025-32792 | Hig | 0.50 | — | 0.00 | Apr 18, 2025 | SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution… | ||
| CVE-2026-52694 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. |
- risk 0.65cvss 10.0epss 0.00
Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.
- risk 0.64cvss 9.9epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre…
- risk 0.64cvss 9.8epss 0.00
Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.
- risk 0.64cvss 9.8epss 0.00
Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
- risk 0.64cvss 9.8epss 0.00
School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.
- risk 0.64cvss 9.8epss 0.00
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns…
- risk 0.62cvss —epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.
- risk 0.57cvss —epss 0.00
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the…
- risk 0.57cvss —epss 0.00
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve…
- risk 0.57cvss 8.8epss 0.00
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be…
- risk 0.57cvss —epss 0.00
The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
- risk 0.57cvss —epss 0.00
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration…
- risk 0.57cvss 8.8epss 0.00
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All…
- risk 0.56cvss 8.6epss 0.00
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host…
- risk 0.56cvss 8.6epss 0.00
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly…
- risk 0.56cvss 8.6epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the…
- risk 0.53cvss 8.2epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.
- risk 0.53cvss 8.2epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects…
- risk 0.50cvss —epss 0.00
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution…
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.