Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-497

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

333 vulnerabilities with CWE-497

CVE-2026-24523 MEDIUM

Marcus WP FullCalendar <1.7 - Info Disclosure

CVE-2026-24377 MEDIUM

POSIMYTH Nexter Blocks <4.6.3 - Info Disclosure

CVE-2026-22915 MEDIUM

Product <Version> - Info Disclosure

CVE-2026-0887 MEDIUM

Firefox and Thunderbird < 140.7.0 and < 147.0 - Information Disclosure in PDF Viewer

CVE-2026-0494 MEDIUM

SAP Fiori App (Intercompany Balance Reconciliation) - Exposure of Sensitive System Information

CVE-2026-0853 MEDIUM

A-Plus Video Technologies - Info Disclosure

CVE-2026-22537 MEDIUM

EFACEC QC 60/90/120 - Exposure of Sensitive System Information via Unhardened System Files

CVE-2025-15623 HIGH

Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user

CVE-2025-36373 MEDIUM

Incorrect administrative access control in IBM DataPower Gateway

CVE-2025-41763 MEDIUM

universal_bacnet_router_firmware < 6.0.1.0 - Unauthorized Sensitive Information Exposure via wwwdnload.cgi Endpoint

CVE-2025-13616 MEDIUM

IBM DataStage on Cloud Pak 5.1.2-5.3.0 - Info Disclosure

CVE-2025-47378 HIGH

Shared VM Reference - Info Disclosure

CVE-2025-13691 HIGH

IBM DataStage 5.1.2-5.3.0 - Info Disclosure

CVE-2025-9986 HIGH

Vadi Corporate Information Systems Ltd. Co. DIGIKENT <13092025 - In...

CVE-2025-13651 HIGH

Microcom ZeusWeb <6.1.31 - Info Disclosure

CVE-2025-66599 MEDIUM

FAST/TOOLS <10.04 - Info Disclosure

CVE-2025-14150 MEDIUM

IBM webMethods Integration <11.1 - Info Disclosure

CVE-2025-27550 LOW

IBM Jazz Reporting Service - Info Disclosure

CVE-2025-36238 MEDIUM

IBM PowerVM Hypervisor - Info Disclosure

CVE-2025-59098 HIGH

dormakaba Access Manager 92xx-k5/k7 - Unauthenticated Sensitive Information Exposure via TCP Socket

CVE-2025-68046 MEDIUM

ThemeHunk Contact Form & Lead Form Elementor Builder <2.0.1 - Info ...

CVE-2025-67954 MEDIUM

Dimitri Grassi Salon booking system <10.30.3 - Info Disclosure

CVE-2025-63051 MEDIUM

REHub Framework <19.9.9.4 - Info Disclosure

CVE-2025-31051 MEDIUM

EngoTheme Plant - Gardening & Houseplants <1.0.0 - Info Disclosure

CVE-2025-34171 MEDIUM

CasaOS <= 0.4.15 - Unauthenticated Sensitive Information Exposure via Image and Debug Endpoints

Previous Page 3 of 14 Next

Details

Vulnerabilities 333

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy