Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-497

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

333 vulnerabilities with CWE-497

CVE-2026-41459 MEDIUM

Xerte Online Toolkits Path Disclosure via /setup

CVE-2026-34413 HIGH

Xerte Online Toolkits Missing Authentication via connector.php

CVE-2026-39686 MEDIUM

WordPress BSK PDF Manager plugin <= 3.7.2 - Sensitive Data Exposure vulnerability

CVE-2026-39572 MEDIUM

WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.5 - Sensitive Data Exposure vulnerability

CVE-2026-39571 MEDIUM

WordPress Instantio plugin <= 3.3.30 - Sensitive Data Exposure vulnerability

CVE-2026-39566 MEDIUM

WordPress DirectoryPress plugin <= 3.6.26 - Sensitive Data Exposure vulnerability

CVE-2026-39536 MEDIUM

WordPress RSVP and Event Management plugin <= 2.7.16 - Sensitive Data Exposure vulnerability

CVE-2026-39516 MEDIUM

WordPress Nexter Blocks plugin <= 4.7.0 - Sensitive Data Exposure vulnerability

CVE-2026-39469 MEDIUM

WordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposure vulnerability

CVE-2026-33617 MEDIUM

MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint

CVE-2026-25344 MEDIUM

WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability

CVE-2026-20691 MEDIUM

Safari < 26.4 - Unauthorized Sensitive Information Exposure via Webpage Fingerprinting

CVE-2026-32405 MEDIUM

WoodMart <= 8.3.9 - Exposure of Sensitive System Information

CVE-2026-32372 MEDIUM

RadiusTheme ShopBuilder <=3.2.4 - Info Disclosure

CVE-2026-0231 MEDIUM

Palo Alto Cortex XDR Broker VM - Info Disclosure

CVE-2026-27494 CRITICAL

n8n <2.10.1/2.9.3/1.123.22 - Authenticated RCE

CVE-2026-24314 MEDIUM

SAP S/4HANA Manage Payment Media - Authenticated Exposure of Sensitive System Information

CVE-2026-3075 MEDIUM

Simple Ajax Chat <=20251121 - Info Disclosure

CVE-2026-25389 MEDIUM

EventPrime <=4.2.8.3 - Info Disclosure

CVE-2026-25325 MEDIUM

rtMedia for WordPress, BuddyPress and bbPress <= 4.7.8 - Sensitive Data Exposure

CVE-2026-25023 MEDIUM

ContestsWP <2.0.7 - Info Disclosure

CVE-2026-24998 MEDIUM

WPMU DEV - Your All-in-One WordPress Platform Hustle <7.8.9.2 - Inf...

CVE-2026-24593 MEDIUM

Strategy11 Team AWP Classifieds <4.4.3 - Info Disclosure

CVE-2026-24553 MEDIUM

Dotstore Fraud Prevention For Woocommerce <2.3.1 - Info Disclosure

CVE-2026-24536 MEDIUM

Webpushr <= 4.38.0 - Sensitive Data Exposure via Embedded Data Retrieval

Previous Page 2 of 14 Next

Details

Vulnerabilities 333

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy