Skip to main content

CWE-612

Improper Authorization of Index Containing Sensitive Information

10 CVEs Avg CVSS 6.7 MITRE
0
CRITICAL
4
HIGH
5
MEDIUM
1
LOW
3
POC
0
KEV

Monthly

CVE-2019-25605 HIGH POC This Week

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-3660 MEDIUM This Month

Petlibro versions up to 1.7.31 contains a vulnerability that allows attackers to access other users' pet data by exploiting missing ownership verification (CVSS 6.5).

Authentication Bypass Petlibro
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-3654 MEDIUM This Month

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. [CVSS 5.3 MEDIUM]

Information Disclosure Petlibro
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3653 HIGH This Week

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. [CVSS 7.3 HIGH]

Authentication Bypass Petlibro
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-49071 MEDIUM This Month

Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Defender For Endpoint
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-25635 HIGH POC This Week

alf.io is an open source ticket reservation system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4560 MEDIUM POC PATCH This Month

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Omeka S
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41918 Maven MEDIUM PATCH This Month

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Elastic Opensearch
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2022-35980 Maven HIGH PATCH This Week

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Elastic Opensearch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22565 LOW PATCH Monitor

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
3.8
EPSS
0.5%
EPSS 0% CVSS 8.7
HIGH POC This Week

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

Petlibro versions up to 1.7.31 contains a vulnerability that allows attackers to access other users' pet data by exploiting missing ownership verification (CVSS 6.5).

Authentication Bypass Petlibro
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. [CVSS 5.3 MEDIUM]

Information Disclosure Petlibro
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. [CVSS 7.3 HIGH]

Authentication Bypass Petlibro
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Defender For Endpoint
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

alf.io is an open source ticket reservation system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alf
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Omeka S
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Elastic Opensearch
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Elastic Opensearch
NVD GitHub
EPSS 0% CVSS 3.8
LOW PATCH Monitor

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy