CVEs classified under CWE-1230, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2024-9099 — CVSS 8.1 (high): In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with…
CVE-2025-13084 — CVSS 7.6 (high): The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint…
CVE-2025-47324 — CVSS 7.5 (high): Information disclosure while accessing and modifying the PIB file of a remote device via powerline.
CVE-2025-0330 — CVSS 7.5 (high): In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing…
CVE-2024-53291 — CVSS 7.5 (high): Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated…
CVE-2025-30038: The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a…
CVE-2024-47517 — CVSS 6.8 (medium): Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
CVE-2025-59601 — CVSS 6.5 (medium): Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device…
CVE-2024-9447 — CVSS 6.5 (medium): An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does…
CVE-2025-1921 — CVSS 6.5 (medium): Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about…
CVE-2023-1974 — CVSS 6.5 (medium): Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.
CVE-2026-49270 — CVSS 5.9 (medium): Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers…
CVE-2026-29055 — CVSS 5.3 (medium): Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image…
CVE-2025-48941 — CVSS 5.3 (medium): MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which…
CVE-2025-26527 — CVSS 5.3 (medium): Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.
CVE-2024-49395 — CVSS 5.3 (medium): In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from…
CVE-2023-6962 — CVSS 5.3 (medium): The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the…
CVE-2023-32488 — CVSS 5.3 (medium): Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially…
CVE-2026-45544 — CVSS 4.3 (medium): Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed…
CVE-2026-27661 — CVSS 4.3 (medium): A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential…
CVE-2024-10324 — CVSS 4.3 (medium): The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including…
CVE-2024-8910 — CVSS 4.3 (medium): The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to…
CVE-2025-31959 — CVSS 3.5 (low): HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and…
CVE-2023-50458 — CVSS 3.5 (low): In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.
CVE-2025-8713 — CVSS 3.1 (low): PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a…