CWE-497

321 CVEs • Abstraction: Base

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.


CVEs (321)

VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS v4 / v3 / v2
(each row is followed by its description)

- | - | Apr 23, 2026 | Apr 4, 2025 | N/A / 5.3 MEDIUM / N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter jetpack-feedback-exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through <= 1.23.

Hcltech | Traveler | Oct 10, 2025 | Apr 3, 2025 | N/A / 4.3 MEDIUM / N/A
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths in error messages, debug logs, or responses to user requests.

- | - | Apr 23, 2026 | Apr 1, 2025 | N/A / 5.3 MEDIUM / N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data. This issue affects ACF City Selector: from n/a through <= 1.17.0.

- | - | Apr 23, 2026 | Apr 1, 2025 | N/A / 4.3 MEDIUM / N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members our-team-members. This issue affects Our Team Members: from n/a through <= 2.2.

Zulip | Zulip Server | Sep 27, 2025 | Mar 31, 2025 | 4.6 MEDIUM / 2.7 LOW / N/A
Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (e.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of whether they were used to access the exported organization or not. The "public data" and "with consent" exports included metadata including the titles of some topics in private channels which the administrator otherwise did not have access to, and none of the users consented to exporting, and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0.

- | - | Mar 27, 2025 | Mar 25, 2025 | 8.7 HIGH / N/A / N/A
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.

Amazon | Aws Cloud Development Kit | Oct 14, 2025 | Mar 21, 2025 | 5.7 MEDIUM / 5.5 MEDIUM / N/A
When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

- | - | Mar 20, 2025 | Mar 20, 2025 | N/A / 5.3 MEDIUM / N/A
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.

Dell | Secure Connect Gateway | May 20, 2025 | Mar 19, 2025 | N/A / 5.8 MEDIUM / N/A
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

Ibm | Sterling B2b Integrator | Jul 25, 2025 | Mar 10, 2025 | N/A / 2.7 LOW / N/A
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.

- | - | Mar 5, 2025 | Mar 5, 2025 | N/A / 2.5 LOW / N/A
Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which is a type of issue whereby sensitive information may be exposed due to a vulnerability in software.

- | - | Apr 23, 2026 | Feb 25, 2025 | N/A / 4.3 MEDIUM / N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard system-dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects System Dashboard: from n/a through <= 2.8.18.

- | - | Apr 23, 2026 | Feb 17, 2025 | N/A / 5.3 MEDIUM / N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds spotlight-social-photo-feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through <= 1.7.1.

Gitlab | Gitlab | Aug 6, 2025 | Feb 12, 2025 | N/A / 7.5 HIGH / N/A
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.

- | - | Aug 26, 2025 | Feb 11, 2025 | N/A / 9.8 CRITICAL / N/A
School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.

Modelscope | Agentscope | Jul 30, 2025 | Feb 10, 2025 | N/A / 7.5 HIGH / N/A
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be exploited to access files outside the intended directory.

- | - | Feb 10, 2025 | Feb 6, 2025 | N/A / 9.8 CRITICAL / N/A
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information.

Vmware | Aria Operations, Cloud Foundation | May 14, 2025 | Jan 30, 2025 | N/A / 6.5 MEDIUM / N/A
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

Ibm | Data Virtualization On Cloud Pak For Data, Watson Query With Cloud Pak For Data | Aug 18, 2025 | Jan 27, 2025 | N/A / 6.5 MEDIUM / N/A
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.

Ibm | Infosphere Information Server | Mar 11, 2025 | Jan 24, 2025 | N/A / 4.3 MEDIUM / N/A
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.