CVEbaza.plCWE DictionaryCWE-497
Common Weakness Enumeration

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Category: BaseCVE: 343
Description

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

CVE vulnerabilities with CWE-497 (343)
10.0
CVSS
CRITICAL
CVE-2025-10264

Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.

pub. 2025-09-12
9.9
CVSS
CRITICAL
CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.

pub. 2025-10-23
9.9
CVSS
CRITICAL
CVE-2025-44823

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.

pub. 2025-10-07
9.8
CVSS
CRITICAL
CVE-2025-6561

Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.

pub. 2025-06-26
9.8
CVSS
CRITICAL
CVE-2025-1144

School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.

pub. 2025-02-11
9.8
CVSS
CRITICAL
CVE-2024-36554

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information.

pub. 2025-02-06
9.8
CVSS
CRITICAL
CVE-2020-25179

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

pub. 2020-12-14
9.5
CVSS
CRITICAL
CVE-2025-11545

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.

pub. 2025-12-22
9.3
CVSS
CRITICAL
CVE-2025-15623

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations

pub. 2026-04-17
9.3
CVSS
CRITICAL
CVE-2025-5893

Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.

pub. 2025-06-09
9.3
CVSS
CRITICAL
CVE-2023-32550

Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.

pub. 2023-06-06
8.8
CVSS
HIGH
CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request server-side. Unauthenticated attackers can perform file operations on project media directories including creating directories, uploading files, renaming files, duplicating files, overwriting files, and deleting files, which can be chained with path traversal and extension blocklist vulnerabilities to achieve remote code execution and arbitrary file read.

pub. 2026-04-22
8.8
CVSS
HIGH
CVE-2025-12779

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.

pub. 2025-11-05
8.8
CVSS
HIGH
CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

pub. 2022-09-01
8.7
CVSS
HIGH
CVE-2026-56124

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.

pub. 2026-06-29
8.7
CVSS
HIGH
CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.

pub. 2026-05-23
8.7
CVSS
HIGH
CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive debug information. The data is permanently broadcasted on the TCP socket. The socket can be accessed without any authentication or encryption. The transmitted data is based on the set verbosity level. The verbosity level can be set using the http(s) endpoint with the service interface password or with the guessable identifier of the device via the SOAP interface. The transmitted data contains sensitive data like the Card ID as well as all button presses on Registration units. This allows an attacker with network level access to retrieve all entered PINs on a registration unit.

pub. 2026-01-26
8.7
CVSS
HIGH
CVE-2025-14712

Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password.

pub. 2025-12-15
8.7
CVSS
HIGH
CVE-2022-4985

Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.

pub. 2025-11-14
8.7
CVSS
HIGH
CVE-2025-54459

Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.

pub. 2025-10-29
Showing 20 of 343 vulnerabilities
Information
ID: CWE-497
Type: Base
Vulnerabilities: 343
MITRE CWE ↗
← CWE Dictionary