
CWE-497 (Exposure of System Data to an Unauthorized Control Sphere) — Vulnerability Class 286

286 vulnerabilities classified as CWE-497 (Exposure of System Data to an Unauthorized Control Sphere). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-53364 | Parse Server exposes the data schema via GraphQL API — parse-server | 5.3 | Medium | 2025-07-10 |
| CVE-2025-7381 | Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images — Docker Mautic | 5.3 | Medium | 2025-07-09 |
| CVE-2025-2670 | IBM OpenPages information disclosure — OpenPages | 4.3 | Medium | 2025-07-09 |
| CVE-2025-27369 | IBM OpenPages with Watson information disclosure — OpenPages with Watson | 4.3 | Medium | 2025-07-08 |
| CVE-2025-53211 | WordPress Audio Editor & Recorder plugin <= 2.2.3 - Sensitive Data Exposure Vulnerability — Audio Editor & Recorder | 5.3 | Medium | 2025-06-27 |
| CVE-2025-6561 | Hunt Electronic Hybrid DVR - Exposure of Sensitive System Information — HBF-09KD | 9.8 | Critical | 2025-06-26 |
| CVE-2025-49147 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements — Umbraco-CMS | 5.3 | Medium | 2025-06-24 |
| CVE-2025-5416 | Keycloak-core: keycloak environment information — Red Hat Build of Keycloak | 2.7 | Low | 2025-06-20 |
| CVE-2025-52719 | WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability — ProfileGrid | 4.3 | Medium | 2025-06-20 |
| CVE-2025-4229 | PAN-OS: Traffic Information Disclosure Vulnerability — Cloud NGFW | 5.3 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-31045 | WordPress elfsight Contact Form widget plugin <= 2.3.1 - Sensitive Data Exposure Vulnerability — elfsight Contact Form widget | 7.5 | High | 2025-06-09 |
| CVE-2025-5893 | Honding Technology Smart Parking Management System - Exposure of Sensitive Information — Smart Parking Management System | 9.8 | Critical | 2025-06-09 |
| CVE-2025-49419 | WordPress Foxit eSign for WordPress plugin <= 2.0.3 - Other Vulnerability Type Vulnerability — Foxit eSign for WordPress | 5.5 | Medium | 2025-06-06 |
| CVE-2025-23969 | WordPress KI Live Video Conferences plugin <= 5.5.15 - Sensitive Data Exposure Vulnerability — KI Live Video Conferences | 5.3 | Medium | 2025-06-06 |
| CVE-2025-24473 | Fortinet FortiClientWindows security vulnerability — FortiClientWindows | 4.8 | Low | 2025-05-28 |
| CVE-2025-2236 | Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication. — Advanced Authentication | 9.1 (AI) | Critical (AI) | 2025-05-27 |
| CVE-2025-30170 | Admin Authorized Exposure of file path, file size or file existence — ASPECT-Enterprise | 5.5 | Medium | 2025-05-22 |
| CVE-2025-4364 | Exposure of Sensitive System Information to an Unauthorized Control Sphere — Fleet Management System | 9.1 (AI) | Critical (AI) | 2025-05-20 |
| CVE-2025-39394 | WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability — AnalyticsWP | 5.3 | Medium | 2025-05-19 |
| CVE-2025-31062 | WordPress Wishlist plugin <= 2.1.0 - Sensitive Data Exposure Vulnerability — Wishlist | 4.3 | Medium | 2025-05-16 |
| CVE-2025-32299 | WordPress QuickCal plugin <= 1.0.15 - Sensitive Data Exposure Vulnerability — QuickCal - Appointment Booking Calendar for WordPress | 4.3 | Medium | 2025-05-16 |
| CVE-2025-48024 | Checkmate security vulnerability — Checkmate | 5.0 | Medium | 2025-05-15 |
| CVE-2025-30011 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) — SAP Supplier Relationship Management (Live Auction Cockpit) | 5.3 | Medium | 2025-05-13 |
| CVE-2025-46747 | Exposure of Sensitive System Information — SEL Blueframe OS | 5.7 | Medium | 2025-05-12 |
| CVE-2025-46718 | sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others — sudo-rs | 3.3 | Low | 2025-05-12 |
| CVE-2025-46717 | sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders — sudo-rs | 3.3 | Low | 2025-05-12 |
| CVE-2025-3506 | Potentially sensitive path exposed via unauthenticated http route — Checkmk | 7.5 (AI) | High (AI) | 2025-05-08 |
| CVE-2025-47540 | WordPress weMail plugin <= 1.14.13 - Sensitive Data Exposure Vulnerability — weMail | 5.3 | Medium | 2025-05-07 |
| CVE-2025-3606 | Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere — AC Charger EVC04 | 7.5 | High | 2025-04-24 |
| CVE-2025-46421 | Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server | 6.8 | Medium | 2025-04-24 |

Vulnerabilities classified as CWE-497 (Exposure of System Data to an Unauthorized Control Sphere) represent 286 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.