CWE-497 · Exposure of Sensitive System Information to an Unauthorized Control Sphere
341 CVEs classified under CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-10264 | Critical | 10.0 | 2025-09-12 | Certain models of NVR developed by Digiever have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access the sy… |
| CVE-2026-27494 | Critical | 9.9 | 2026-02-25 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify wo… |
| CVE-2025-47699 | Critical | 9.9 | 2025-10-23 | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator… |
| CVE-2025-44823 | Critical | 9.9 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_us… |
| CVE-2024-13999 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticat… |
| CVE-2025-6561 | Critical | 9.8 | 2025-06-26 | Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remo… |
| CVE-2025-5893 | Critical | 9.8 | 2025-06-09 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to ac… |
| CVE-2025-1144 | Critical | 9.8 | 2025-02-11 | School Affairs System from Quanxun has an Exposure of Sensitive Information vulnerability, allowing unauthenticated attackers to view specific pages and obtain database info… |
| CVE-2024-36554 | Critical | 9.8 | 2025-02-06 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.4… |
| CVE-2020-25179 | Critical | 9.8 | 2020-12-14 | GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. |
| CVE-2024-4008 | Critical | 9.6 | 2024-06-05 | FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to take control via access to the local KNX Bus-System. |
| CVE-2023-32550 | Critical | 9.3 | 2023-06-06 | Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further… |
| CVE-2025-12779 | High | 8.8 | 2025-11-05 | Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token fo… |
| CVE-2024-13995 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed pa… |
| CVE-2025-9364 | High | 8.8 | 2025-09-09 | An open database issue exists in the affected product and version. The security issue stems from an over-permissive Redis instance. This could result in an att… |
| CVE-2024-39675 | High | 8.8 | 2024-07-09 | A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4… |
| CVE-2022-1902 | High | 8.8 | 2022-09-01 | A flaw was found in Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows aut… |
| CVE-2025-0061 | High | 8.7 | 2025-01-14 | SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interactio… |
| CVE-2026-42047 | High | 8.6 | 2026-05-07 | Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53… |
| CVE-2026-24222 | High | 8.6 | 2026-04-28 | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by se… |