VYPR

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

BaseIncomplete

Description

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-170 · CAPEC-694

CVEs mapped to this weakness (213)

page 8 of 11
  • CVE-2026-44749MedMay 26, 2026
    risk 0.28cvss 4.3epss 0.00

    The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.

  • CVE-2026-27349MedMay 21, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5.

  • CVE-2026-39572MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat…

  • CVE-2026-39566MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26.

  • CVE-2026-39469MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through <= 2.0.8.

  • CVE-2026-24553MedJan 23, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention…

  • CVE-2026-24377MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3.

  • CVE-2025-63051MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4.

  • CVE-2026-0887MedJan 13, 2026
    risk 0.28cvss 4.3epss 0.00

    Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2026-0494MedJan 13, 2026
    risk 0.28cvss 4.3epss 0.00

    Under certain conditions SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has low impact on confidentiality of the application, integrity and availability are not impacted.

  • CVE-2025-62083MedDec 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon coming-soon-by-boomdevs allows Retrieve Embedded Sensitive Data.This issue affects BoomDevs WordPress Coming Soon: from n/a through <= 1.0.4.

  • CVE-2025-49340MedDec 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through <= 1.3.2.

  • CVE-2025-62143MedDec 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through <= 1.163.

  • CVE-2025-69026MedDec 30, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.

  • CVE-2025-69025MedDec 30, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a through <= 1.0.20.

  • CVE-2025-68576MedDec 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.

  • CVE-2025-67621MedDec 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5.

  • CVE-2025-62955MedDec 21, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Retrieve Embedded Sensitive Data.This issue affects TempTool [Show Current Template Info]: from n/a through…

  • CVE-2025-67948MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from…

  • CVE-2025-67470MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through <= 1.5.5.