Skip to main content

CWE-1258

Exposure of Sensitive System Information Due to Uncleared Debug Information

10 CVEs Avg CVSS 5.8 MITRE
0
CRITICAL
4
HIGH
4
MEDIUM
2
LOW
1
POC
0
KEV

Monthly

CVE-2026-52696 HIGH This Week

Sensitive data exposure in the JetBlog WordPress plugin (versions 2.4.8 and earlier) allows remote unauthenticated attackers to retrieve confidential information from affected sites over the network with no user interaction. The flaw is reported by Patchstack with a CVSS 3.1 base score of 7.5 (high confidentiality impact only). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided in the input.

Information Disclosure Jetblog
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-14551 PyPI LOW PATCH Monitor

Ubuntu Subiquity 24.04.4 leaks sensitive user credentials in crash report logs submitted to Launchpad during installation failures, potentially exposing plaintext Wi-Fi passwords and other credentials to unauthorized third parties. The vulnerability affects multiple Ubuntu versions (24.04.4, 25.04, and 25.10) and requires user interaction (submission of a crash report) but carries low real-world exploitation risk due to a CVSS score of 2.7 and absence of active exploitation signals. No public exploit code is known; vendor-released patches are available.

Denial Of Service Ubuntu
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2025-15480 LOW PATCH Monitor

ubuntu-desktop-provision version 24.04.4 leaks user password hashes in crash report logs submitted to Launchpad during installation failures. An unauthenticated remote attacker can obtain sensitive credentials if a user opts to report the installation failure, requiring user interaction to trigger the vulnerability but resulting in direct exposure of authentication material. Patch available from Canonical via GitHub pull requests; EPSS and KEV status not actively exploited at time of analysis.

Denial Of Service Ubuntu
NVD GitHub
CVSS 4.0
2.7
EPSS
0.0%
CVE-2026-26948 MEDIUM PATCH This Month

Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern.

Dell Information Disclosure Integrated Dell Remote Access Controller
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-26482 MEDIUM This Month

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Poweredge R770 Firmware Poweredge R670 Firmware Poweredge R570 Firmware +109
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-32257 MEDIUM POC This Month

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-36913 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-36912 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-48308 MEDIUM PATCH This Month

Nextcloud/Cloud is a calendar app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Calendar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39292 Cargo HIGH PATCH This Week

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slack Morphism
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive data exposure in the JetBlog WordPress plugin (versions 2.4.8 and earlier) allows remote unauthenticated attackers to retrieve confidential information from affected sites over the network with no user interaction. The flaw is reported by Patchstack with a CVSS 3.1 base score of 7.5 (high confidentiality impact only). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided in the input.

Information Disclosure Jetblog
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Ubuntu Subiquity 24.04.4 leaks sensitive user credentials in crash report logs submitted to Launchpad during installation failures, potentially exposing plaintext Wi-Fi passwords and other credentials to unauthorized third parties. The vulnerability affects multiple Ubuntu versions (24.04.4, 25.04, and 25.10) and requires user interaction (submission of a crash report) but carries low real-world exploitation risk due to a CVSS score of 2.7 and absence of active exploitation signals. No public exploit code is known; vendor-released patches are available.

Denial Of Service Ubuntu
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

ubuntu-desktop-provision version 24.04.4 leaks user password hashes in crash report logs submitted to Launchpad during installation failures. An unauthenticated remote attacker can obtain sensitive credentials if a user opts to report the installation failure, requiring user interaction to trigger the vulnerability but resulting in direct exposure of authentication material. Patch available from Canonical via GitHub pull requests; EPSS and KEV status not actively exploited at time of analysis.

Denial Of Service Ubuntu
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern.

Dell Information Disclosure Integrated Dell Remote Access Controller
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Poweredge R770 Firmware +111
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux Debian Linux +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux Linux Kernel
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud/Cloud is a calendar app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Calendar
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slack Morphism
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy