Skip to main content

CWE-200

Information Exposure

7509 CVEs Avg CVSS 5.6 MITRE
233
CRITICAL
1492
HIGH
4998
MEDIUM
772
LOW
1262
POC
16
KEV

Monthly

CVE-2026-55406 MEDIUM This Month

Use-after-free in Buffa's OwnedView<V> type allows safe Rust calling code to hold field references that outlive the backing buffer, enabling read of freed heap memory and information disclosure. Affected are all Buffa releases prior to 0.7.0 (CPE: cpe:2.3:a:anthropics:buffa:*:*:*:*:*:*:*:*). The flaw is a soundness violation - no unsafe code in the caller is required - making it particularly insidious in a memory-safe language context. No public exploit identified at time of analysis and no CISA KEV listing; the CVSS 4.0 score of 5.9 reflects the high-complexity exploitation conditions acknowledged by the vendor.

Buffer Overflow Information Disclosure Buffa
NVD GitHub
CVSS 4.0
5.9
CVE-2026-57205 MEDIUM PATCH This Month

Insecure Direct Object Reference (IDOR) in Microsoft SimpleChat exposes any authenticated user's profile data to other authenticated users without authorization checks. The GET /api/user/info/<user_id> and GET /api/user/profile-image/<user_id> endpoints in route_backend_users.py accept a caller-supplied user_id and query the Cosmos DB user-settings document directly, bypassing object-level authorization - enabling enumeration of email addresses, display names, and profile images across the entire user base. No public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog; the vendor-released fix is version 0.241.203.

Information Disclosure Simplechat
NVD GitHub
CVSS 3.1
4.3
CVE-2026-56456 MEDIUM This Month

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system logs, or debugging output rendered by the application dashboard. All versions are affected per the wildcard CPE, and the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms unauthenticated remote attackers can trivially trigger and read this disclosure with no special configuration. No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the leaked path information materially aids reconnaissance for chained attacks against the underlying server environment.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
5.3
CVE-2026-35145 LOW Monitor

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attacks by network-positioned adversaries. All versions per the CPE wildcard are affected, and the application fails to include the Strict-Transport-Security response header, leaving browsers without enforcement of HTTPS-only communication. No active exploitation has been identified (not in CISA KEV) and no public exploit code is known, consistent with the low CVSS score of 3.1.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
3.1
CVE-2026-35143 LOW Monitor

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication are issued without the SameSite attribute, allowing browsers to attach them to cross-origin requests. An attacker who can lure an authenticated victim to a malicious page may issue forged state-changing requests that the server honors under the victim's identity, provided the application also lacks Anti-CSRF token validation - a condition the CVE description explicitly names as the decisive amplifying factor. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog; real-world risk is further constrained by modern browser defaults (Chrome 80+ and Firefox apply SameSite=Lax by default), high attack complexity, and the required user interaction.

CSRF Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
3.0
CVE-2026-35142 LOW Monitor

Internal IP address exposure in HCL DFXAnalytics allows remote attackers who have obtained high-privilege authenticated access to harvest internal network topology details from generated server responses. The application embeds private IP addresses directly in its output, violating the CWE-200 information boundary and enabling attackers to map internal infrastructure for follow-on targeted attacks. No public exploit code exists and no active exploitation has been confirmed; the CVSS score of 2.6 reflects the significant access prerequisites that substantially limit real-world risk.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
2.6
CVE-2026-35140 LOW Monitor

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a network-positioned attacker to capture session tokens transmitted in cleartext over unencrypted HTTP channels. Authenticated sessions are at risk when traffic traverses a path the attacker can observe, such as shared networks or HTTP downgrade scenarios. No public exploit code has been identified at time of analysis, and CISA has not listed this in the Known Exploited Vulnerabilities catalog.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
3.0
CVE-2026-40956 LOW PATCH Monitor

Memory disclosure in Absolute Security Secure Access client (versions prior to 14.55) permits a small, indeterminate amount of process memory to leak to an adversary who has already achieved full control over the tunnel protocol. The CVSS 4.0 score of 2.1 accurately reflects the narrow real-world impact: an attacker must simultaneously possess intimate protocol knowledge and the ability to manipulate tunnel communications end-to-end, a prerequisite that dramatically limits the exploitable population. No public exploit code exists and the vulnerability does not appear in the CISA KEV catalog, reinforcing its low operational priority for most enterprises.

Information Disclosure Secure Access
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-20298 MEDIUM PATCH This Month

Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.

Splunk Information Disclosure Splunk Enterprise Splunk Cloud Platform
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-58554 MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVSS 5.9
MEDIUM This Month

Use-after-free in Buffa's OwnedView<V> type allows safe Rust calling code to hold field references that outlive the backing buffer, enabling read of freed heap memory and information disclosure. Affected are all Buffa releases prior to 0.7.0 (CPE: cpe:2.3:a:anthropics:buffa:*:*:*:*:*:*:*:*). The flaw is a soundness violation - no unsafe code in the caller is required - making it particularly insidious in a memory-safe language context. No public exploit identified at time of analysis and no CISA KEV listing; the CVSS 4.0 score of 5.9 reflects the high-complexity exploitation conditions acknowledged by the vendor.

Buffer Overflow Information Disclosure Buffa
NVD GitHub
CVSS 4.3
MEDIUM PATCH This Month

Insecure Direct Object Reference (IDOR) in Microsoft SimpleChat exposes any authenticated user's profile data to other authenticated users without authorization checks. The GET /api/user/info/<user_id> and GET /api/user/profile-image/<user_id> endpoints in route_backend_users.py accept a caller-supplied user_id and query the Cosmos DB user-settings document directly, bypassing object-level authorization - enabling enumeration of email addresses, display names, and profile images across the entire user base. No public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog; the vendor-released fix is version 0.241.203.

Information Disclosure Simplechat
NVD GitHub
CVSS 5.3
MEDIUM This Month

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system logs, or debugging output rendered by the application dashboard. All versions are affected per the wildcard CPE, and the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms unauthenticated remote attackers can trivially trigger and read this disclosure with no special configuration. No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the leaked path information materially aids reconnaissance for chained attacks against the underlying server environment.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.1
LOW Monitor

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attacks by network-positioned adversaries. All versions per the CPE wildcard are affected, and the application fails to include the Strict-Transport-Security response header, leaving browsers without enforcement of HTTPS-only communication. No active exploitation has been identified (not in CISA KEV) and no public exploit code is known, consistent with the low CVSS score of 3.1.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.0
LOW Monitor

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication are issued without the SameSite attribute, allowing browsers to attach them to cross-origin requests. An attacker who can lure an authenticated victim to a malicious page may issue forged state-changing requests that the server honors under the victim's identity, provided the application also lacks Anti-CSRF token validation - a condition the CVE description explicitly names as the decisive amplifying factor. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog; real-world risk is further constrained by modern browser defaults (Chrome 80+ and Firefox apply SameSite=Lax by default), high attack complexity, and the required user interaction.

CSRF Information Disclosure Dfxanalytics
NVD VulDB
CVSS 2.6
LOW Monitor

Internal IP address exposure in HCL DFXAnalytics allows remote attackers who have obtained high-privilege authenticated access to harvest internal network topology details from generated server responses. The application embeds private IP addresses directly in its output, violating the CWE-200 information boundary and enabling attackers to map internal infrastructure for follow-on targeted attacks. No public exploit code exists and no active exploitation has been confirmed; the CVSS score of 2.6 reflects the significant access prerequisites that substantially limit real-world risk.

Information Disclosure Dfxanalytics
NVD VulDB
CVSS 3.0
LOW Monitor

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a network-positioned attacker to capture session tokens transmitted in cleartext over unencrypted HTTP channels. Authenticated sessions are at risk when traffic traverses a path the attacker can observe, such as shared networks or HTTP downgrade scenarios. No public exploit code has been identified at time of analysis, and CISA has not listed this in the Known Exploited Vulnerabilities catalog.

Information Disclosure Dfxanalytics
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Memory disclosure in Absolute Security Secure Access client (versions prior to 14.55) permits a small, indeterminate amount of process memory to leak to an adversary who has already achieved full control over the tunnel protocol. The CVSS 4.0 score of 2.1 accurately reflects the narrow real-world impact: an attacker must simultaneously possess intimate protocol knowledge and the ability to manipulate tunnel communications end-to-end, a prerequisite that dramatically limits the exploitable population. No public exploit code exists and the vulnerability does not appear in the CISA KEV catalog, reinforcing its low operational priority for most enterprises.

Information Disclosure Secure Access
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.

Splunk Information Disclosure Splunk Enterprise +1
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy