Skip to main content

CWE-213

Exposure of Sensitive Information Due to Incompatible Policies

25 CVEs Avg CVSS 5.1 MITRE
1
CRITICAL
3
HIGH
12
MEDIUM
9
LOW
1
POC
0
KEV

Monthly

CVE-2026-6280 MEDIUM This Month

Nomysem, an education and consulting management platform by Turkish vendor NOMYSOFT Informatics, exposes sensitive information to authenticated low-privilege users due to incompatible ACL policies that fail to properly constrain access to restricted functionality. Network-accessible endpoints can be reached by any valid account holder, yielding high-confidentiality-impact data exposure without requiring elevated rights or user interaction. No public exploit code has been identified at time of analysis; however, the vendor failed to respond to coordinated disclosure, leaving the vulnerability unpatched.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-52603 LOW Monitor

Connections versions up to 7.0 contains a vulnerability that allows attackers to obtain limited information when a single piece of internal metadata is returned (CVSS 3.5).

Information Disclosure Connections
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-54831 PyPI MEDIUM PATCH This Month

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Airflow
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-49827 LOW Monitor

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-32791 npm MEDIUM PATCH This Month

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24316 MEDIUM This Month

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-49354 MEDIUM This Month

IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-44121 MEDIUM This Month

Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-7267 HIGH This Week

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ezd Rp
NVD
CVSS 4.0
7.1
EPSS
0.6%
CVE-2023-6517 HIGH This Week

Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mia Med
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Nomysem, an education and consulting management platform by Turkish vendor NOMYSOFT Informatics, exposes sensitive information to authenticated low-privilege users due to incompatible ACL policies that fail to properly constrain access to restricted functionality. Network-accessible endpoints can be reached by any valid account holder, yielding high-confidentiality-impact data exposure without requiring elevated rights or user interaction. No public exploit code has been identified at time of analysis; however, the vendor failed to respond to coordinated disclosure, leaving the vulnerability unpatched.

Information Disclosure
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Connections versions up to 7.0 contains a vulnerability that allows attackers to obtain limited information when a single piece of internal metadata is returned (CVSS 3.5).

Information Disclosure Connections
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Airflow
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ezd Rp
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mia Med
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy