CVEs classified under CWE-497, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-10264 — CVSS 10.0 (critical): Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter…
CVE-2026-27494 — CVSS 9.9 (critical): n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to…
CVE-2025-47699 — CVSS 9.9 (critical): Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an…
CVE-2025-44823 — CVSS 9.9 (critical): Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.ph…
CVE-2026-14808 — CVSS 9.8 (critical): Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote…
CVE-2024-13999 — CVSS 9.8 (critical): Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication…
CVE-2025-1144 — CVSS 9.8 (critical): School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and…
CVE-2024-36554 — CVSS 9.8 (critical): Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0…
CVE-2024-4008 — CVSS 9.6 (critical): FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local…
CVE-2025-11545: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a…
CVE-2025-12779 — CVSS 8.8 (high): Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the…
CVE-2024-13995 — CVSS 8.8 (high): Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including…
CVE-2025-9364 — CVSS 8.8 (high): An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This…
CVE-2024-39675 — CVSS 8.8 (high): A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM…
CVE-2022-1902 — CVSS 8.8 (high): A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API…
CVE-2025-59098: The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as…
CVE-2022-4985: Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an…
CVE-2025-4364: The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive…
CVE-2025-32792: SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope…
CVE-2024-8313: An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default…
CVE-2025-0061 — CVSS 8.7 (high): SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without…
CVE-2026-24222 — CVSS 8.6 (high): NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper…
CVE-2026-34413 — CVSS 8.6 (high): Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at…
CVE-2024-12367 — CVSS 8.6 (high): Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory…
CVE-2025-9986 — CVSS 8.2 (high): Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co…
CVE-2025-13691 — CVSS 8.1 (high): IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate…
CVE-2025-22222 — CVSS 7.7 (high): VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit…
CVE-2025-30686 — CVSS 7.6 (high): Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that…
CVE-2026-56060 — CVSS 7.5 (high): Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.
CVE-2026-49056 — CVSS 7.5 (high): Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
CVE-2026-34891 — CVSS 7.5 (high): Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
CVE-2018-25358 — CVSS 7.5 (high): D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive…
CVE-2026-43654 — CVSS 7.5 (high): The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS…
CVE-2025-13651 — CVSS 7.5 (high): Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting…
CVE-2020-36926 — CVSS 7.5 (high): SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification…
CVE-2020-36922 — CVSS 7.5 (high): Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access…
CVE-2025-9110 — CVSS 7.5 (high): An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP…
CVE-2025-64258 — CVSS 7.5 (high): Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post…
CVE-2025-34442 — CVSS 7.5 (high): AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server…
CVE-2025-14712 — CVSS 7.5 (high): Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing…
CVE-2025-54459 — CVSS 7.5 (high): Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication…
CVE-2025-43024 — CVSS 7.5 (high): A GUI dialog of an application allows to view what files are in the file system without proper authorization.
CVE-2025-27721 — CVSS 7.5 (high): Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system…
CVE-2024-51770 — CVSS 7.5 (high): An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
CVE-2025-31045 — CVSS 7.5 (high): Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget…