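CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) — Vulnerability Class 286

286 vulnerabilities classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). AI Chinese analysis included.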

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41339 | OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot — OpenClaw | 4.3 | Medium | 2026-04-23 |
| CVE-2026-41335 | OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-34413 | Xerte Online Toolkits Missing Authentication via connector.php — xerteonlinetoolkits | 8.6 | High | 2026-04-22 |
| CVE-2026-41459 | Xerte Online Toolkits Path Disclosure via /setup — xerteonlinetoolkits | 5.3 | Medium | 2026-04-22 |
| CVE-2026-39686 | WordPress BSK PDF Manager plugin <= 3.7.2 - Sensitive Data Exposure vulnerability — BSK PDF Manager | 6.2 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39572 | WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.5 - Sensitive Data Exposure vulnerability — Bus Ticket Booking with Seat Reservation | 5.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39571 | WordPress Instantio plugin <= 3.3.30 - Sensitive Data Exposure vulnerability — Instantio | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39566 | WordPress DirectoryPress plugin <= 3.6.26 - Sensitive Data Exposure vulnerability — DirectoryPress | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39536 | WordPress RSVP and Event Management plugin <= 2.7.16 - Sensitive Data Exposure vulnerability — RSVP and Event Management | 5.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39516 | WordPress Nexter Blocks plugin <= 4.7.0 - Sensitive Data Exposure vulnerability — Nexter Blocks | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39469 | WordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposure vulnerability — PageLayer | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-33617 | MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint — mbCONNECT24 | 5.3 | Medium | 2026-04-02 |
| CVE-2025-36373 | Incorrect administrative access control in IBM DataPower Gateway — DataPower Gateway 10.6CD | 4.1 | Medium | 2026-04-01 |
| CVE-2026-25344 | WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability — Review Schema | 5.5 | - | 2026-03-25 |
| CVE-2026-32405 | WordPress WoodMart theme <= 8.3.9 - Sensitive Data Exposure vulnerability — WoodMart | 7.5 | - | 2026-03-13 |
| CVE-2026-32372 | WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability — ShopBuilder – Elementor WooCommerce Builder Addons | 7.5 | - | 2026-03-13 |
| CVE-2026-0231 | Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability — Cortex XDR Broker VM | 8.1 (AI) | High (AI) | 2026-03-11 |
| CVE-2025-41763 | Unchecked role in wwwdnload.cgi — UBR-01 Mk II | 6.5 | Medium | 2026-03-09 |
| CVE-2025-13616 | DataStage on Cloud Pak for Data is vulnerable to sensitive information leak due to HTTP response — DataStage on Cloud Pak for Data | 6.5 | Medium | 2026-03-03 |
| CVE-2025-47378 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS — Snapdragon | 7.1 | High | 2026-03-02 |
| CVE-2026-27494 | n8n has Arbitrary File Read via Python Code Node Sandbox Escape — n8n | 9.9 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-24314 | Information Disclosure vulnerability in S/4HANA (Manage Payment Media) — S/4HANA (Manage Payment Media) | 4.3 | Medium | 2026-02-24 |
| CVE-2026-3075 | WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability — Simple Ajax Chat | 7.5 (AI) | High (AI) | 2026-02-23 |
| CVE-2026-25389 | WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability — EventPrime | 6.2 (AI) | Medium (AI) | 2026-02-19 |
| CVE-2026-25325 | WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability — rtMedia for WordPress, BuddyPress and bbPress | 7.5 (AI) | High (AI) | 2026-02-19 |
| CVE-2025-13691 | DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing — DataStage on Cloud Pak for Data | 8.1 | High | 2026-02-17 |
| CVE-2025-13651 | LEAK OF SENSITIVE INFORMATION ON MICROCOM'S ZEUSWEB — ZeusWeb | 7.5 (AI) | High (AI) | 2026-02-11 |
| CVE-2025-9986 | Improper Access Control in Vadi Corporate Information System's DIGIKENT — DIGIKENT | 8.2 | High | 2026-02-11 |
| CVE-2025-66599 | Yokogawa FAST/TOOLS security vulnerability — FAST/TOOLS | 5.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-14150 | IBM webMethods Integration Server is affected by — webMethods Integration (on prem) - Integration Server | 6.5 | Medium | 2026-02-05 |

Vulnerabilities classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) represent 286 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.