CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Monthly
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through <= 2.0.8.
Unauthenticated remote attackers can access configuration files containing database credentials in MB Connect Line mbconnect24 and mymbconnect24 products, resulting in disclosure of sensitive authentication material. Although CVSS rates this as 5.3 (low severity confidentiality impact), the practical risk is limited because the disclosed credentials cannot be directly exploited to compromise additional systems-no exposed endpoint exists to leverage them. No public exploit code or active exploitation has been identified at the time of analysis.
IBM DataPower Gateway versions 10.6CD (10.6.1.0-10.6.5.0), 10.5.0 (10.5.0.0-10.5.0.20), and 10.6.0 (10.6.0.0-10.6.0.8) disclose sensitive system information from other domains to authenticated administrative users due to improper access control. The vulnerability requires high-privilege administrative access over the network and results in confidentiality impact only; no public exploit code or active exploitation has been confirmed. CVSS 4.1 reflects low real-world risk due to authentication requirement, though patch availability limits exposure window.
The RadiusTheme Review Schema WordPress plugin versions up to and including 2.2.6 contains an information disclosure vulnerability (CWE-497) that allows unauthorized attackers to retrieve embedded sensitive data through the plugin's schema implementation. An attacker can exploit this vulnerability to access system information that should not be exposed, potentially leveraging the data for reconnaissance or further attacks. No CVSS score, EPSS data, or confirmed KEV/POC status is currently available, but the vulnerability has been documented by Patchstack and assigned EUVD-2026-15657.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through <= 2.0.8.
Unauthenticated remote attackers can access configuration files containing database credentials in MB Connect Line mbconnect24 and mymbconnect24 products, resulting in disclosure of sensitive authentication material. Although CVSS rates this as 5.3 (low severity confidentiality impact), the practical risk is limited because the disclosed credentials cannot be directly exploited to compromise additional systems-no exposed endpoint exists to leverage them. No public exploit code or active exploitation has been identified at the time of analysis.
IBM DataPower Gateway versions 10.6CD (10.6.1.0-10.6.5.0), 10.5.0 (10.5.0.0-10.5.0.20), and 10.6.0 (10.6.0.0-10.6.0.8) disclose sensitive system information from other domains to authenticated administrative users due to improper access control. The vulnerability requires high-privilege administrative access over the network and results in confidentiality impact only; no public exploit code or active exploitation has been confirmed. CVSS 4.1 reflects low real-world risk due to authentication requirement, though patch availability limits exposure window.
The RadiusTheme Review Schema WordPress plugin versions up to and including 2.2.6 contains an information disclosure vulnerability (CWE-497) that allows unauthorized attackers to retrieve embedded sensitive data through the plugin's schema implementation. An attacker can exploit this vulnerability to access system information that should not be exposed, potentially leveraging the data for reconnaissance or further attacks. No CVSS score, EPSS data, or confirmed KEV/POC status is currently available, but the vulnerability has been documented by Patchstack and assigned EUVD-2026-15657.