VYPR

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

BaseIncomplete

Description

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-170 · CAPEC-694

CVEs mapped to this weakness (213)

page 7 of 11
  • CVE-2025-53211MedJun 27, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Retrieve Embedded Sensitive Data.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.3.

  • CVE-2025-23969MedJun 6, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Retrieve Embedded Sensitive Data.This issue affects KI Live Video Conferences: from n/a through <= 5.5.15.

  • CVE-2025-39394MedMay 19, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2.

  • CVE-2025-47540MedMay 7, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13.

  • CVE-2025-39439MedApr 17, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get wplike2get allows Retrieve Embedded Sensitive Data.This issue affects wpLike2Get: from n/a through <= 1.2.9.

  • CVE-2025-39556MedApr 16, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel mediavine-control-panel allows Retrieve Embedded Sensitive Data.This issue affects Mediavine Control Panel: from n/a through <= 2.10.6.

  • CVE-2025-32255MedApr 4, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data.This issue affects StaffList: from n/a through <= 3.2.7.

  • CVE-2025-26758MedFeb 17, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds spotlight-social-photo-feeds allows Retrieve Embedded Sensitive Data.This issue affects Spotlight Social Media Feeds: from n/a through <= 1.7.1.

  • CVE-2024-53768MedNov 30, 2024
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ideinteractive Content Audit Exporter content-audit-exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through <= 1.1.

  • CVE-2024-52033MedNov 20, 2024
    risk 0.34cvss 5.3epss 0.00

    Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through…

  • CVE-2024-49252MedOct 16, 2024
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in VaultDweller Leyka leyka.This issue affects Leyka: from n/a through <= 3.31.6.

  • CVE-2024-9470MedOct 9, 2024
    risk 0.34cvss epss 0.00

    A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.

  • CVE-2026-0239MedMay 13, 2026
    risk 0.32cvss epss 0.00

    An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.

  • CVE-2025-59575MedOct 22, 2025
    risk 0.32cvss 4.9epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.

  • CVE-2025-8700MedAug 26, 2025
    risk 0.31cvss epss 0.00

    Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the…

  • CVE-2025-8597MedAug 26, 2025
    risk 0.31cvss epss 0.00

    MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the…

  • CVE-2024-12993MedDec 30, 2024
    risk 0.31cvss epss 0.00

    Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges.  After multiple attempts to contact the vendor we did not…

  • CVE-2026-0240MedMay 13, 2026
    risk 0.29cvss epss 0.00

    An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and…

  • CVE-2024-53683MedJan 17, 2025
    risk 0.29cvss 4.4epss 0.00

    A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use.

  • CVE-2026-24618MedJun 12, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4.