Common Weakness Enumeration

CWE-497

Allowed

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Abstraction: Base · Status: Incomplete

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

669 vulnerabilities reference this CWE, most recent first.

GHSA-2C9X-Q6G3-36C7

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T17:16:57Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of sensitive system information to an unauthorized control sphere in Windows Kernel allows an unauthorized attacker to disclose information locally.",
  "id": "GHSA-2c9x-q6g3-36c7",
  "modified": "2026-07-14T18:32:03Z",
  "published": "2026-07-14T18:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50294"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50294"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2F38-FVH4-3V69

Vulnerability from github – Published: 2026-07-13 12:35 – Updated: 2026-07-13 12:35
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 2.0.8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-13T10:16:32Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through \u003c= 2.0.8.",
  "id": "GHSA-2f38-fvh4-3v69",
  "modified": "2026-07-13T12:35:02Z",
  "published": "2026-07-13T12:35:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57393"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/woo-pdf-invoice-builder/vulnerability/wordpress-woocommerce-pdf-invoice-builder-plugin-2-0-8-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2FCH-5G6G-5J6Q

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:17:19Z",
    "severity": "HIGH"
  },
  "details": "Subscriber Sensitive Data Exposure in Coupon Affiliates \u003c= 7.8.1 versions.",
  "id": "GHSA-2fch-5g6g-5j6q",
  "modified": "2026-06-15T21:30:49Z",
  "published": "2026-06-15T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49068"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/woo-coupon-usage/vulnerability/wordpress-coupon-affiliates-plugin-7-8-1-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2FXJ-84G8-M9VW

Vulnerability from github – Published: 2024-07-09 12:30 – Updated: 2024-07-09 12:30
VLAI
Details

A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T12:15:17Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in RUGGEDCOM RMC30 (All versions \u003c V4.3.10), RUGGEDCOM RMC30NC (All versions \u003c V4.3.10), RUGGEDCOM RP110 (All versions \u003c V4.3.10), RUGGEDCOM RP110NC (All versions \u003c V4.3.10), RUGGEDCOM RS400 (All versions \u003c V4.3.10), RUGGEDCOM RS400NC (All versions \u003c V4.3.10), RUGGEDCOM RS401 (All versions \u003c V4.3.10), RUGGEDCOM RS401NC (All versions \u003c V4.3.10), RUGGEDCOM RS416 (All versions \u003c V4.3.10), RUGGEDCOM RS416NC (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416P (All versions \u003c V4.3.10), RUGGEDCOM RS416PNC (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS910 (All versions \u003c V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions \u003c V4.3.10), RUGGEDCOM RS910W (All versions \u003c V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.",
  "id": "GHSA-2fxj-84g8-m9vw",
  "modified": "2024-07-09T12:30:57Z",
  "published": "2024-07-09T12:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39675"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2G85-XWQ8-G4F8

Vulnerability from github – Published: 2025-11-21 15:31 – Updated: 2026-01-20 15:31
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-21T13:15:46Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through \u003c 6.10.0.",
  "id": "GHSA-2g85-xwq8-g4f8",
  "modified": "2026-01-20T15:31:56Z",
  "published": "2025-11-21T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66056"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/uncanny-automator/vulnerability/wordpress-uncanny-automator-plugin-6-10-0-sensitive-data-exposure-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/uncanny-automator/vulnerability/wordpress-uncanny-automator-plugin-6-10-0-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H3H-VPF4-F727

Vulnerability from github – Published: 2025-12-30 12:30 – Updated: 2026-01-20 15:32
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-69026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T11:16:01Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through \u003c= 2.1.5.",
  "id": "GHSA-2h3h-vpf4-f727",
  "modified": "2026-01-20T15:32:46Z",
  "published": "2025-12-30T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69026"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/popup-builder-block/vulnerability/wordpress-popupkit-plugin-2-1-5-sensitive-data-exposure-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/popup-builder-block/vulnerability/wordpress-popupkit-plugin-2-1-5-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2JF5-6WWV-VHXX

Vulnerability from github – Published: 2026-05-05 18:13 – Updated: 2026-05-11 13:29
VLAI
Summary
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Details

Summary

A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler.

The serve() handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS, or DELETE fall through to a generic handler that returns diagnostic information. A change introduced in v3.22.0 caused this diagnostic response to include the contents of process.env, exposing any secrets, API keys, or credentials present in the environment.

Who is affected

An application is vulnerable if all of the following are true:

  • It uses inngest SDK version >= 3.22.0, <= 3.53.1 (inclusive)
  • Its serve() endpoint is reachable via PATCH, OPTIONS, or DELETE requests.

Please check your framework's implementation for the serve handler (documentation) to asses whether it handles these HTTP methods. Common vulnerable configurations include:

  • Next.js Pages Router, which forwards all HTTP methods to the handler.
  • Express via app.use('/api/inngest', serve(...)), which routes PATCH and OPTIONS to the handler by default.

The following are not affected:

  • Next.js App Router handlers that explicitly export only GET, POST, and PUT.
  • Applications using the connect worker method.
  • SDK versions < 3.22.0 and >= 3.54.0, including all 4.x releases.

The vulnerability was responsibly disclosed by an Inngest user. At this time, there are no known reports of exploitation.

Remediation

  1. Upgrade to inngest@3.54.0 or later. The fix is backwards compatible with the 3.x release line. The 4.x line is also unaffected.
  2. Rotate any secrets that were presence in environment variables (process.env) within affected environments including Inngest signing keys and event keys
  3. Search logs for any requests to your serve endpoints using the PATCH, OPTIONS, DELETE http methods to assess if any environment variables may have been exposed.

Additional recommendations

Users on platforms with long-lived deployments (e.g. Vercel, Cloudflare Workers) should be aware that prior deployments remain reachable at their immutable URLs and may continue to expose the vulnerability even after a new deployment is promoted. For example, Vercel offers security features such as "Deployment Protection" and the ability to delete older deployments which can help immediately mitigate impact.

For additional security, users can also adjust firewall or proxy rules to only allow requests to their serve endpoint from Inngest IP addresses available here: http://inngest.com/ips-v4, http://inngest.com/ips-v6

Workarounds

If upgrading is not immediately possible, restrict the serve() endpoint at the framework or reverse-proxy layer to accept only GET, POST, and PUT. The Inngest serve() endpoint does not require any other HTTP methods.

Resources

  • Rotating Inngest keys: https://www.inngest.com/docs/platform/manage/rotating-keys
  • Inngest signing keys: https://www.inngest.com/docs/platform/signing-keys
  • Inngest event keys: https://www.inngest.com/docs/events/creating-an-event-key
  • Inngest security best practices: https://www.inngest.com/docs/learn/security

Credits

  • Ben Hylak - an independent security researcher, discovered and responsibly disclosed the vulnerability.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "inngest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.22.0"
            },
            {
              "fixed": "3.54.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-497"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T18:13:52Z",
    "nvd_published_at": "2026-05-07T21:16:29Z",
    "severity": "HIGH"
  },
  "details": "# Summary\n\nA vulnerability in the Inngest TypeScript SDK versions `3.22.0` through `3.53.1` allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the `serve()` HTTP handler.\n\nThe `serve()` handler implements `GET`, `POST`, and `PUT` methods. Requests using `PATCH`, `OPTIONS`, or `DELETE` fall through to a generic handler that returns diagnostic information. A change introduced in `v3.22.0` caused this diagnostic response to include the contents of `process.env`, exposing any secrets, API keys, or credentials present in the environment.\n\n# Who is affected\n\nAn application is vulnerable if **all** of the following are true:\n\n- It uses `inngest` SDK version `\u003e= 3.22.0, \u003c= 3.53.1` (inclusive)\n- Its `serve()` endpoint is reachable via `PATCH`, `OPTIONS`, or `DELETE` requests.\n\nPlease check your framework\u0027s implementation for the serve handler ([documentation](https://www.inngest.com/docs/learn/serving-inngest-functions)) to asses whether it handles these HTTP methods. Common vulnerable configurations include:\n\n- Next.js Pages Router, which forwards all HTTP methods to the handler.\n- Express via `app.use(\u0027/api/inngest\u0027, serve(...))`, which routes `PATCH` and `OPTIONS` to the handler by default.\n\nThe following are **not** affected:\n\n- Next.js App Router handlers that explicitly export only `GET`, `POST`, and `PUT`.\n- Applications using the `connect` worker method.\n- SDK versions `\u003c 3.22.0` and `\u003e= 3.54.0`, including all `4.x` releases.\n\nThe vulnerability was responsibly disclosed by an Inngest user. At this time, there are no known reports of exploitation.\n\n# Remediation\n\n1. Upgrade to `inngest@3.54.0` or later. The fix is backwards compatible with the `3.x` release line. The `4.x` line is also unaffected.\n2. Rotate any secrets that were presence in environment variables (`process.env`) within affected environments including Inngest signing keys and event keys\n3. Search logs for any requests to your `serve` endpoints using the `PATCH`, `OPTIONS`, `DELETE` http methods to assess if any environment variables may have been exposed.\n\n## Additional recommendations\n\nUsers on platforms with long-lived deployments (e.g. Vercel, Cloudflare Workers) should be aware that prior deployments remain reachable at their immutable URLs and may continue to expose the vulnerability even after a new deployment is promoted. For example, Vercel offers security features such as \"[Deployment Protection](https://vercel.com/docs/deployment-protection#standard-protection)\" and [the ability to delete older deployments](https://vercel.com/kb/guide/how-do-i-delete-an-individual-deployment) which can help immediately mitigate impact.\n\nFor additional security, users can also adjust firewall or proxy rules to only allow requests to their `serve` endpoint from Inngest IP addresses available here: http://inngest.com/ips-v4, http://inngest.com/ips-v6\n\n### Workarounds\n\nIf upgrading is not immediately possible, restrict the `serve()` endpoint at the framework or reverse-proxy layer to accept only `GET`, `POST`, and `PUT`. The Inngest `serve()` endpoint does not require any other HTTP methods.\n\n### Resources\n\n- Rotating Inngest keys: https://www.inngest.com/docs/platform/manage/rotating-keys\n- Inngest signing keys: https://www.inngest.com/docs/platform/signing-keys\n- Inngest event keys: https://www.inngest.com/docs/events/creating-an-event-key\n- Inngest security best practices: https://www.inngest.com/docs/learn/security\n\n### Credits\n\n- Ben Hylak - an independent security researcher, discovered and responsibly disclosed the vulnerability.",
  "id": "GHSA-2jf5-6wwv-vhxx",
  "modified": "2026-05-11T13:29:55Z",
  "published": "2026-05-05T18:13:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/inngest/inngest-js/security/advisories/GHSA-2jf5-6wwv-vhxx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42047"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/inngest/inngest-js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/inngest/inngest-js/releases/tag/inngest%403.54.1"
    },
    {
      "type": "WEB",
      "url": "https://vercel.com/docs/deployment-protection#standard-protection"
    },
    {
      "type": "WEB",
      "url": "https://vercel.com/kb/guide/how-do-i-delete-an-individual-deployment"
    },
    {
      "type": "WEB",
      "url": "https://www.inngest.com/docs/events/creating-an-event-key"
    },
    {
      "type": "WEB",
      "url": "https://www.inngest.com/docs/learn/security"
    },
    {
      "type": "WEB",
      "url": "https://www.inngest.com/docs/learn/serving-inngest-functions"
    },
    {
      "type": "WEB",
      "url": "https://www.inngest.com/docs/platform/manage/rotating-keys"
    },
    {
      "type": "WEB",
      "url": "https://www.inngest.com/docs/platform/signing-keys"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods"
}

GHSA-2MR3-PJ2M-Q569

Vulnerability from github – Published: 2025-11-04 00:32 – Updated: 2025-11-06 18:32
VLAI
Details

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. CVE-2024-13995 addresses a similar vulnerability with a potentially incomplete fix for the underlying problem in earlier versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-03T22:16:40Z",
    "severity": "MODERATE"
  },
  "details": "Nagios XI versions prior to\u00a02024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts.\u00a0CVE-2024-13995 addresses a similar vulnerability with a potentially incomplete fix for the underlying problem in earlier versions.",
  "id": "GHSA-2mr3-pj2m-q569",
  "modified": "2025-11-06T18:32:49Z",
  "published": "2025-11-04T00:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13998"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/changelog/nagios-xi"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/products/security/#nagios-xi"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/nagios-xi-api-keys-and-hashed-password-authenticated-information-disclosure-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2PWW-22WF-FGM9

Vulnerability from github – Published: 2025-12-18 09:30 – Updated: 2026-01-20 15:32
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data.This issue affects Email marketing for WordPress by GetResponse Official: from n/a through <= 1.5.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64272"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T08:16:13Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data.This issue affects Email marketing for WordPress by GetResponse Official: from n/a through \u003c= 1.5.3.",
  "id": "GHSA-2pww-22wf-fgm9",
  "modified": "2026-01-20T15:32:31Z",
  "published": "2025-12-18T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64272"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/getresponse-official/vulnerability/wordpress-email-marketing-for-wordpress-by-getresponse-official-plugin-1-5-3-sensitive-data-exposure-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/getresponse-official/vulnerability/wordpress-email-marketing-for-wordpress-by-getresponse-official-plugin-1-5-3-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2R7H-JV72-F7XP

Vulnerability from github – Published: 2025-05-19 18:30 – Updated: 2026-04-28 21:35
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-19T17:15:27Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data.This issue affects AnalyticsWP: from n/a through 2.1.2.",
  "id": "GHSA-2r7h-jv72-f7xp",
  "modified": "2026-04-28T21:35:37Z",
  "published": "2025-05-19T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39394"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/analyticswp/vulnerability/wordpress-analyticswp-plugin-2-1-2-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs

CAPEC-170: Web Application Fingerprinting

An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.

CAPEC-694: System Location Discovery

An adversary collects information about the target system in an attempt to identify the system's geographical location.

Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.