CVEs classified under CWE-359, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2022-0482 — CVSS 9.1 (critical): Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CVE-2022-2921 — CVSS 8.8 (high): Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in…
CVE-2025-53625: The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and…
CVE-2025-13008: An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows…
CVE-2025-66172 — CVSS 8.1 (high): The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access…
CVE-2025-11959 — CVSS 8.1 (high): Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in…
CVE-2024-42347 — CVSS 7.7 (high): matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a…
CVE-2024-11216 — CVSS 7.6 (high): Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in…
CVE-2023-50053 — CVSS 7.6 (high): An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication…
CVE-2026-56124 — CVSS 7.5 (high): phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full…
CVE-2026-48615 — CVSS 7.5 (high): A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials…
CVE-2019-25762 — CVSS 7.5 (high): Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access…
CVE-2026-28906 — CVSS 7.5 (high): This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5…
CVE-2025-15623 — CVSS 7.5 (high): Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control…
CVE-2020-37173 — CVSS 7.5 (high): AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the…
CVE-2026-24735 — CVSS 7.5 (high): Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through…
CVE-2025-65857 — CVSS 7.5 (high): An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes…
CVE-2025-1030 — CVSS 7.5 (high): Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query…
CVE-2025-34441 — CVSS 7.5 (high): AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails…
CVE-2025-10450 — CVSS 7.5 (high): Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows…
CVE-2025-43500 — CVSS 7.5 (high): A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe…
CVE-2025-43496 — CVSS 7.5 (high): The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS…
CVE-2025-43405 — CVSS 7.5 (high): A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2…
CVE-2025-43399 — CVSS 7.5 (high): This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS…
CVE-2025-43227 — CVSS 7.5 (high): This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia…
CVE-2025-49715 — CVSS 7.5 (high): Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized…
CVE-2025-5334 — CVSS 7.5 (high): Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows…
CVE-2024-10267 — CVSS 7.5 (high): An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user…
CVE-2025-20060 — CVSS 7.5 (high): An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android…
CVE-2024-11206 — CVSS 7.5 (high): Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.
CVE-2024-7697 — CVSS 7.5 (high): Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
CVE-2024-36682 — CVSS 7.5 (high): In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while…
CVE-2024-36677 — CVSS 7.5 (high): In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to…
CVE-2024-33271 — CVSS 7.5 (high): An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component.
CVE-2023-5983 — CVSS 7.5 (high): Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve…
CVE-2023-44156 — CVSS 7.5 (high): Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows)…
CVE-2023-2703 — CVSS 7.5 (high): Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows…
CVE-2026-58297 — CVSS 7.1 (high): Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose…
CVE-2026-58296 — CVSS 7.1 (high): Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose…
CVE-2026-49344: Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query…
CVE-2025-13477 — CVSS 7.1 (high): Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations…
CVE-2025-14317: In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a…
CVE-2025-24355 — CVSS 7.1 (high): Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in…
CVE-2025-62362: gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address…
CVE-2024-37136 — CVSS 6.8 (medium): Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability…