CVEs classified under CWE-612, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-25635 — CVSS 8.8 (high): alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and…
CVE-2019-25605 — CVSS 7.5 (high): EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing…
CVE-2022-35980 — CVSS 7.5 (high): OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of…
CVE-2025-3653 — CVSS 7.3 (high): Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device…
CVE-2025-3660 — CVSS 6.5 (medium): Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to…
CVE-2024-49071 — CVSS 6.5 (medium): Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized…
CVE-2023-4560 — CVSS 6.5 (medium): Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
CVE-2022-41918 — CVSS 6.3 (medium): OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained…
CVE-2025-3654 — CVSS 5.3 (medium): Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access…
CVE-2022-22565 — CVSS 4.7 (medium): Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated…