CWE-497 · Exposure of Sensitive System Information to an Unauthorized Control Sphere

341 CVEs classified under CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). Browse by severity and year.

Top CVEs for CWE-497
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-10264 | Critical | 10.0 | 2025-09-12 | Certain models of NVR developed by Digiever have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access the sy… |
| CVE-2026-27494 | Critical | 9.9 | 2026-02-25 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify wo… |
| CVE-2025-47699 | Critical | 9.9 | 2025-10-23 | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator… |
| CVE-2025-44823 | Critical | 9.9 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_us… |
| CVE-2024-13999 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticat… |
| CVE-2025-6561 | Critical | 9.8 | 2025-06-26 | Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remo… |
| CVE-2025-5893 | Critical | 9.8 | 2025-06-09 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to ac… |
| CVE-2025-1144 | Critical | 9.8 | 2025-02-11 | School Affairs System from Quanxun has an Exposure of Sensitive Information vulnerability, allowing unauthenticated attackers to view specific pages and obtain database info… |
| CVE-2024-36554 | Critical | 9.8 | 2025-02-06 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.4… |
| CVE-2020-25179 | Critical | 9.8 | 2020-12-14 | GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. |
| CVE-2024-4008 | Critical | 9.6 | 2024-06-05 | FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to take control via access to the local KNX bus system. |
| CVE-2023-32550 | Critical | 9.3 | 2023-06-06 | Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further… |
| CVE-2025-12779 | High | 8.8 | 2025-11-05 | Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token fo… |
| CVE-2024-13995 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed pa… |
| CVE-2025-9364 | High | 8.8 | 2025-09-09 | An open database issue exists in the affected product and version. The security issue stems from an over-permissive Redis instance. This could result in an att… |
| CVE-2024-39675 | High | 8.8 | 2024-07-09 | A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4… |
| CVE-2022-1902 | High | 8.8 | 2022-09-01 | A flaw was found in Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows aut… |
| CVE-2025-0061 | High | 8.7 | 2025-01-14 | SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interactio… |
| CVE-2026-42047 | High | 8.6 | 2026-05-07 | Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53… |
| CVE-2026-24222 | High | 8.6 | 2026-04-28 | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by se… |