Weaknesses of type CWE-497
339 resultsCVE-2026-39469MEDIUMWordPress PageLayer plugin <= 2.0.8 - Sensitive Data Exposure vulnerabilityEPSS 0.2%CVE-2025-4235HIGHUser-ID Credential Agent: Cleartext Exposure of Service Account passwordEPSS 0.2%CVE-2022-50237MEDIUMThe ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a sEPSS 0.2%CVE-2025-43406MEDIUMA logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive userEPSS 0.2%CVE-2025-53862LOWAap: aap-gateway: automation-hub: sensitive information disclosureEPSS 0.2%CVE-2025-69025MEDIUMWordPress Poptics plugin <= 1.0.20 - Sensitive Data Exposure vulnerabilityEPSS 0.2%CVE-2026-24618MEDIUMWordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerabilityEPSS 0.2%CVE-2024-22037MEDIUMDatabase password leaked by systemd uyuni-server-attestation serviceEPSS 0.2%CVE-2026-27349MEDIUMWordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerabilityEPSS 0.2%CVE-2026-0231MEDIUMCortex XDR Broker VM: Sensitive Information Disclosure VulnerabilityEPSS 0.2%CVE-2025-59447LOWThe YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interfaceEPSS 0.2%CVE-2023-5081LOWAn information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettableEPSS 0.2%CVE-2025-2236LOWExposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication.EPSS 0.2%CVE-2026-0239MEDIUMChronosphere Chronocollector Information Disclosure VulnerabilityEPSS 0.2%CVE-2025-43471MEDIUMThe issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.EPSS 0.2%CVE-2025-36238MEDIUMPower System Exposure of Sensitive System InformationEPSS 0.2%CVE-2025-23287LOWNVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successfulEPSS 0.1%CVE-2024-6388MEDIUMMarco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passinEPSS 0.1%CVE-2024-11035LOWCarbon Black Cloud Windows Sensor Information LeakEPSS 0.1%CVE-2025-6390MEDIUMCleartext storage of sensitive information in Brocade SANnav server audit logs.EPSS 0.1%