CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Abstraction: Base · Status: Incomplete

Description

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-170 · CAPEC-694

CVEs mapped to this weakness (213)

page 2 of 11
  • CVE-2026-49068 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.

  • CVE-2026-49066 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.

  • CVE-2026-49056 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.

  • CVE-2026-34891 · High · Jun 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.

  • CVE-2018-25358 · High · May 23, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like…

  • CVE-2026-43654 · High · May 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.

  • CVE-2026-34413 · High · Apr 22, 2026
    risk 0.49 · cvss 8.6 · epss 0.03

    Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to…

  • CVE-2025-15623 · High · Apr 17, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Exposure of Private Personal Information to an Unauthorized Actor; Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. An unauthenticated user can retrieve the database password in plaintext in…

  • CVE-2025-14712 · High · Dec 15, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Student Learning Assessment and Support System developed by JHENG GAO has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and passwords.

  • CVE-2025-27721 · High · Aug 21, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources.

  • CVE-2025-31045 · High · Jun 9, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget elfsight-contact-form allows Retrieve Embedded Sensitive Data. This issue affects elfsight Contact Form widget: from n/a through <= 2.3.1.

  • CVE-2025-3606 · High · Apr 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials, which could be used to further compromise the device.

  • CVE-2025-26730 · High · Apr 15, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.

  • CVE-2025-27934 · High · Apr 9, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An information disclosure vulnerability affecting authentication information in a specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.

  • CVE-2024-54279 · High · Dec 16, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit. This issue affects WP-NERD Toolkit: from n/a through <= 1.1.

  • CVE-2024-50528 · High · Nov 4, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Retrieve Embedded Sensitive Data. This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3.

  • CVE-2024-48024 · High · Oct 17, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Fahad Mahmood Keep Backup Daily keep-backup-daily allows Retrieve Embedded Sensitive Data. This issue affects Keep Backup Daily: from n/a through <= 2.1.3.

  • CVE-2025-4235 · High · Sep 12, 2025
    risk 0.47 · cvss n/a · epss 0.00

    An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the…

  • CVE-2026-7864 · Medium · May 8, 2026
    risk 0.45 · cvss n/a · epss 0.17

    SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.

  • CVE-2025-66599 · Medium · Feb 9, 2026
    risk 0.45 · cvss n/a · epss 0.00

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS…