Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

CVEs (321)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-46718 1Trifectatech 1Sudo Jul 9, 2025 May 12, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-...Show more sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.Show less
CVE-2025-46717 1Trifectatech 1Sudo Jul 9, 2025 May 12, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot acc...Show more sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.Show less
CVE-2025-3506 1Checkmk 1Checkmk Aug 25, 2025 May 8, 2025 6.3 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.
CVE-2025-47540 1Wedevs 1Wemail Apr 23, 2026 May 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13.
CVE-2025-3606 - - Apr 29, 2025 Apr 25, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device.
CVE-2025-46421 - - Jul 28, 2025 Apr 24, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the...Show more A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.Show less
CVE-2025-32792 - - Apr 21, 2025 Apr 18, 2025 8.7 HIGH· v4 N/A· v3 N/A· v2 SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment...Show more SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `<script>` tag will have inadvertently revealed these bindings in the lexical scope of third-party code. This issue has been patched in version 1.12.0. Workarounds for this issue involve either avoiding top-level `let`, `const`, or `class` bindings in `<script>` tags, or change these to `var` bindings to be reflected on `globalThis`.Show less
CVE-2025-39439 - - Apr 23, 2026 Apr 17, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get wplike2get allows Retrieve Embedded Sensitive Data.This issue affects wpLike2Get: from n/a through <= 1...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Markus Drubba wpLike2Get wplike2get allows Retrieve Embedded Sensitive Data.This issue affects wpLike2Get: from n/a through <= 1.2.9.Show less
CVE-2025-39589 1Wpdeveloper 1Essential Addons For Elementor Apr 23, 2026 Apr 16, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issu...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.Show less
CVE-2025-39556 - - Apr 23, 2026 Apr 16, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel mediavine-control-panel allows Retrieve Embedded Sensitive Data.This issue affects Mediavine C...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel mediavine-control-panel allows Retrieve Embedded Sensitive Data.This issue affects Mediavine Control Panel: from n/a through <= 2.10.6.Show less
CVE-2025-26730 - - Apr 28, 2026 Apr 15, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.Show less
CVE-2025-30686 1Oracle 1Hospitality Simphony Apr 21, 2025 Apr 15, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privile...Show more Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).Show less
CVE-2022-43852 1Ibm 1Aspera Console Jul 17, 2025 Apr 14, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.
CVE-2025-32228 - - Apr 23, 2026 Apr 10, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data.This is...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.Show less
CVE-2025-31003 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 2.7 LOW· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data.This issue affects Squeeze: from n/a through <= 1.6.
CVE-2025-27934 - - Apr 9, 2025 Apr 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authenticati...Show more Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.Show less
CVE-2025-32164 - - Apr 23, 2026 Apr 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList m1downloadlist allows Retrieve Embedded Sensitive Data.This issue affects m1.DownloadList: from n/...Show more Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList m1downloadlist allows Retrieve Embedded Sensitive Data.This issue affects m1.DownloadList: from n/a through <= 0.24.Show less
CVE-2025-32026 - - Apr 8, 2025 Apr 8, 2025 N/A· v4 3.8 LOW· v3 N/A· v2 Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions...Show more Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used for an Element Call call. Version 1.11.97 fixes the problem.Show less
CVE-2024-45549 1Qualcomm 158Ar8035 Firmware Fastconnect 6700 FirmwareFastconnect 6800 Firmware+155 more Oct 6, 2025 Apr 7, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 Information disclosure while creating MQ channels.
CVE-2025-32255 - - Apr 23, 2026 Apr 4, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList stafflist allows Retrieve Embedded Sensitive Data.This issue affects StaffList: from n/a through <= 3.2.7.

Previous 1...101112...17 Next