CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

333 vulnerabilities with CWE-497
CVE-2026-52694 HIGH
WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-49068 HIGH
WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-49066 HIGH
WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-49056 HIGH
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-48878 MEDIUM
WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability
CVSS 6.5
CVE-2026-42660 MEDIUM
WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability
CVSS 6.5
CVE-2026-40796 MEDIUM
WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability
CVSS 6.5
CVE-2026-34891 HIGH
WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability
CVSS 7.5
CVE-2026-24618 MEDIUM
WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability
CVSS 4.3
CVE-2026-0466 MEDIUM
AMD µProf - Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2026-44743 LOW
SAP BusinessObjects - Sensitive Information Exposure via Endpoint
CVSS 3.7
CVE-2026-49077 MEDIUM
WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-44749 MEDIUM
Information Disclosure vulnerability in SAP Gateway
CVSS 4.3
CVE-2026-27349 MEDIUM
WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability
CVSS 4.3
CVE-2026-0240 MEDIUM
Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
CVE-2026-0239 MEDIUM
Chronosphere Chronocollector Information Disclosure Vulnerability
CVE-2026-43654 HIGH
iOS and iPadOS < 18.7.9 - Unauthorized Sensitive System Information Exposure
CVSS 7.5
CVE-2026-7864 MEDIUM
SEPPmail Secure Email Gateway - Environment Variable Exposure
CVE-2026-41928 MEDIUM
Vvveb < 1.0.8.2 Information Disclosure via Cron Controller
CVSS 5.3
CVE-2026-42047 HIGH
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
CVSS 8.6
CVE-2026-25468 MEDIUM
WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-42644 MEDIUM
WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Exposure vulnerability
CVSS 5.3
CVE-2026-24222 HIGH
NVIDIA NeMoClaw < 0.0.18 - Exposure of Sensitive System Information via Sandbox Environment Initialization
CVSS 8.6
CVE-2026-41339 MEDIUM
OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot
CVSS 4.3
CVE-2026-41335 MEDIUM
OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON
CVSS 5.3