Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-497

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

311 vulnerabilities with CWE-497

CVE-2026-42644 MEDIUM

WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Exposure vulnerability

CVE-2026-24222 HIGH

Nvidia NemoClaw - Information Disclosure

CVE-2026-41339 MEDIUM

OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot

CVE-2026-41335 MEDIUM

OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON

CVE-2026-41459 MEDIUM

Xerte Online Toolkits Path Disclosure via /setup

CVE-2026-34413 HIGH

Xerte Online Toolkits Missing Authentication via connector.php

CVE-2026-39686 MEDIUM

WordPress BSK PDF Manager plugin <= 3.7.2 - Sensitive Data Exposure vulnerability

CVE-2026-39572 MEDIUM

WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.5 - Sensitive Data Exposure vulnerability

CVE-2026-39571 MEDIUM

WordPress Instantio plugin <= 3.3.30 - Sensitive Data Exposure vulnerability

CVE-2026-39566 MEDIUM

WordPress DirectoryPress plugin <= 3.6.26 - Sensitive Data Exposure vulnerability

CVE-2026-39536 MEDIUM

WordPress RSVP and Event Management plugin <= 2.7.16 - Sensitive Data Exposure vulnerability

CVE-2026-39516 MEDIUM

WordPress Nexter Blocks plugin <= 4.7.0 - Sensitive Data Exposure vulnerability

CVE-2026-39469 MEDIUM

WordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposure vulnerability

CVE-2026-33617 MEDIUM

MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint

CVE-2026-25344 MEDIUM

WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability

CVE-2026-20691 MEDIUM

Apple Safari < 26.4 - Denial of Service

CVE-2026-32405 MEDIUM

WoodMart <=8.3.9 - Info Disclosure

CVE-2026-32372 MEDIUM

RadiusTheme ShopBuilder <=3.2.4 - Info Disclosure

CVE-2026-0231 MEDIUM

Palo Alto Cortex XDR Broker VM - Info Disclosure

CVE-2026-27494 CRITICAL

n8n <2.10.1/2.9.3/1.123.22 - Authenticated RCE

CVE-2026-24314 MEDIUM

SAP S/4HANA - Info Disclosure

CVE-2026-3075 MEDIUM

Simple Ajax Chat <=20251121 - Info Disclosure

CVE-2026-25389 MEDIUM

EventPrime <=4.2.8.3 - Info Disclosure

CVE-2026-25325 MEDIUM

rtMedia <=4.7.8 - Info Disclosure

CVE-2026-25023 MEDIUM

ContestsWP <2.0.7 - Info Disclosure

Page 1 of 13 Next

Details

Vulnerabilities 311

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy