CWE-200
Information Disclosure
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 50 of 96
- CVE-2026-44486 · High 7.5 · EPSS 0% · 9 h ago
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated
npm
- CVE-2026-49397 · Medium 5.3 · EPSS 0% · 14 h ago
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking na
go
- CVE-2026-47124 · Medium 6.5 · EPSS 0% · 14 h ago
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry
- CVE-2026-54396 · — · 15 h ago
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.user_id value from t
- CVE-2026-47264 · Medium 5.3 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#tag_group_names returned every tag group a
- CVE-2026-47263 · Medium 4.3 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /web_hook_events/<id> in Jobs::Re
- CVE-2026-45085 · Medium 5.3 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin (one also
- CVE-2026-44786 · High 7.5 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to Message
- CVE-2026-44785 · Medium 4.3 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks can_see? on the post being ex
- CVE-2026-44784 · Medium 6.5 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can vie
- CVE-2026-44782 · Medium 4.3 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared include_user_long_name? as the predi
- CVE-2026-44780 · Medium 4.3 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["
- CVE-2026-44779 · Medium 4.3 · EPSS 0% · 15 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This
- CVE-2026-45536 · — · EPSS 0% · 17 h ago
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
maven
- CVE-2026-53725 · — · EPSS 0% · 17 h ago
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the _User class via Class-Level Permissions cou
- CVE-2026-11459 · Low 3.3 · EPSS 0% · 18 h ago
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is r
- CVE-2026-6046 · Medium 5.3 · 19 h ago
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept
- CVE-2026-3433 · Medium 4.3 · 19 h ago
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with
- CVE-2016-4655 · Medium 5.5 · KEV · EXPLOIT · EPSS 82% · 20 h ago
Apple iOS Information Disclosure Vulnerability
- CVE-2020-3259 · High 7.5 · KEV · EPSS 70% · 20 h ago
Cisco ASA and FTD Information Disclosure Vulnerability
- CVE-2013-7331 · Medium 6.5 · KEV · EXPLOIT · EPSS 82% · 20 h ago
Microsoft Internet Explorer Information Disclosure Vulnerability
- CVE-2017-0147 · High 7.5 · KEV · EXPLOIT · EPSS 93% · 20 h ago
Microsoft Windows SMBv1 Information Disclosure Vulnerability
- CVE-2025-31125 · Medium 5.3 · KEV · EPSS 83% · 20 h ago
Vite Vitejs Improper Access Control Vulnerability
- CVE-2017-5521 · High 8.1 · KEV · EXPLOIT · EPSS 94% · 20 h ago
NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability
- CVE-2016-3351 · Medium 6.5 · KEV · EPSS 45% · 20 h ago
Microsoft Internet Explorer and Edge Information Disclosure Vulnerability
- CVE-2017-0059 · Medium 4.3 · KEV · EXPLOIT · EPSS 84% · 20 h ago
Microsoft Internet Explorer Information Disclosure Vulnerability
- CVE-2013-0631 · High 7.5 · KEV · EPSS 82% · 20 h ago
Adobe ColdFusion Information Disclosure Vulnerability
- CVE-2021-41277 · Critical 10.0 · KEV · EPSS 94% · 20 h ago
Metabase GeoJSON API Local File Inclusion Vulnerability
- CVE-2013-0632 · Critical 9.8 · KEV · EXPLOIT · EPSS 93% · 20 h ago
Adobe ColdFusion Authentication Bypass Vulnerability
- CVE-2023-28432 · High 7.5 · KEV · EXPLOIT · EPSS 94% · 20 h ago
MinIO Information Disclosure Vulnerability
- CVE-2016-6415 · High 7.5 · KEV · EXPLOIT · EPSS 93% · 20 h ago
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
- CVE-2026-20805 · Medium 5.5 · KEV · EPSS 2% · 20 h ago
Microsoft Windows Information Disclosure Vulnerability
- CVE-2016-0162 · Medium 4.3 · KEV · EPSS 44% · 20 h ago
Microsoft Internet Explorer Information Disclosure Vulnerability
- CVE-2015-4495 · High 8.8 · KEV · EXPLOIT · EPSS 72% · 20 h ago
Mozilla Firefox Security Feature Bypass Vulnerability
- CVE-2016-3298 · Medium 6.5 · KEV · EPSS 28% · 20 h ago
Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability
- CVE-2021-25369 · Medium 6.2 · KEV · EPSS 0% · 20 h ago
Samsung Mobile Devices Improper Access Control Vulnerability
- CVE-2024-24919 · High 8.6 · KEV · EXPLOIT · EPSS 94% · 20 h ago
Check Point Quantum Security Gateways Information Disclosure Vulnerability
- CVE-2015-5317 · High 7.5 · KEV · EPSS 40% · 20 h ago
Jenkins User Interface (UI) Information Disclosure Vulnerability
- CVE-2016-2388 · Medium 5.3 · KEV · EXPLOIT · EPSS 68% · 20 h ago
SAP NetWeaver Information Disclosure Vulnerability
- CVE-2026-20133 · Medium 6.5 · KEV · EPSS 2% · 20 h ago
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- CVE-2023-21237 · Medium 5.5 · KEV · EPSS 1% · 20 h ago
Android Pixel Information Disclosure Vulnerability
- CVE-2017-0022 · Medium 6.5 · KEV · EPSS 37% · 20 h ago
Microsoft XML Core Services Information Disclosure Vulnerability
- CVE-2026-50009 · Medium 4.8 · 20 h ago
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and st
- CVE-2026-44206 · — · EPSS 0% · 20 h ago
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4.
- CVE-2026-47176 · — · EPSS 0% · 1 d ago
Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs delete
- CVE-2026-47177 · — · EPSS 0% · 1 d ago
Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are clos
- CVE-2026-42970 · Medium 5.5 · EPSS 0% · 1 d ago
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
- CVE-2026-42971 · Medium 5.5 · EPSS 0% · 1 d ago
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
- CVE-2026-42907 · Medium 6.5 · EPSS 0% · 1 d ago
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
- CVE-2026-49219 · Medium 5.5 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a secur
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.