CVEs classified under CWE-1295, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2024-38516 — CVSS 8.8 (high): ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables…
CVE-2025-31001 — CVSS 7.5 (high): Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This…
CVE-2024-45784 — CVSS 7.5 (high): Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This…
CVE-2023-5392 — CVSS 7.5 (high): C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function…
CVE-2025-42604: This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this…
CVE-2025-2877 — CVSS 6.5 (medium): A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory…
CVE-2023-4215 — CVSS 6.5 (medium): Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user…
CVE-2025-12910 — CVSS 6.2 (medium): Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive…
CVE-2025-46775 — CVSS 5.5 (medium): A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through…
CVE-2025-59109: The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button…
CVE-2024-11217 — CVSS 4.9 (medium): A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for…
CVE-2024-27179 — CVSS 4.7 (medium): Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected…
CVE-2021-25476 — CVSS 4.1 (medium): An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection…
CVE-2025-2469 — CVSS 3.7 (low): An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime…
CVE-2025-35031 — CVSS 3.3 (low): Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a…