CWE-1230
25 CVEs classified under CWE-1230.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-9099 | High | 8.8 | 2025-03-20 | In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions… |
| CVE-2023-1974 | High | 7.7 | 2023-04-11 | Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8. |
| CVE-2025-13084 | High | 7.6 | 2025-11-26 | The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role… |
| CVE-2025-47324 | High | 7.5 | 2025-08-06 | Information disclosure while accessing and modifying the PIB file of a remote device via powerline. |
| CVE-2025-0330 | High | 7.5 | 2025-03-20 | In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This… |
| CVE-2024-53291 | High | 7.5 | 2024-12-25 | Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote ac… |
| CVE-2024-47517 | Medium | 6.8 | 2025-01-10 | Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access |
| CVE-2025-59601 | Medium | 6.5 | 2026-06-01 | Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration. |
| CVE-2024-9447 | Medium | 6.5 | 2025-03-20 | An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user… |
| CVE-2026-49270 | Medium | 5.9 | 2026-06-01 | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured… |
| CVE-2026-29055 | Medium | 5.3 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline… |
| CVE-2025-48941 | Medium | 5.3 | 2025-06-02 | MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to d… |
| CVE-2025-26527 | Medium | 5.3 | 2025-02-24 | Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. |
| CVE-2024-49395 | Medium | 5.3 | 2024-11-12 | In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. |
| CVE-2023-6962 | Medium | 5.3 | 2024-05-02 | The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. Thi… |
| CVE-2023-32488 | Medium | 5.3 | 2023-08-16 | Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulner… |
| CVE-2026-45544 | Medium | 4.3 | 2026-06-01 | Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-… |
| CVE-2026-27661 | Medium | 4.3 | 2026-03-10 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and… |
| CVE-2024-10324 | Medium | 4.3 | 2025-01-24 | The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the registe… |
| CVE-2024-8910 | Medium | 4.3 | 2024-09-25 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 vi… |