Skip to main content

CWE-200

Information Exposure

7501 CVEs Avg CVSS 5.6 MITRE
233
CRITICAL
1492
HIGH
4995
MEDIUM
767
LOW
1262
POC
16
KEV

Monthly

CVE-2026-20298 MEDIUM PATCH This Month

Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.

Splunk Information Disclosure Splunk Enterprise Splunk Cloud Platform
NVD VulDB
CVSS 3.1
5.3
CVE-2026-58554 MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
6.6
CVE-2026-13230 MEDIUM PATCH This Month

Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed.

TP-Link Information Disclosure Kasa Ec71 V4 Kasa Ec70 V4
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-52101 CRITICAL Act Now

Information disclosure in andreimarcu Linx (linx-server) versions 1.0 through 2.3.8 lets remote attackers retrieve sensitive data through the uploadRemote function in upload.go, which fetches attacker-supplied remote URLs on the server's behalf. The flaw carries a CVSS 9.1 rating with a network, unauthenticated, low-complexity vector, so exploitation requires no credentials or user interaction. No public exploit is identified, though a third-party vulnerability report is published for the CVE.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-55608 npm MEDIUM PATCH GHSA This Month

In multi-tenant HTTP mode (`ENABLE_MULTI_TENANT=true`), an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope `workflow_versions` backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a normal n8n API capability. An authenticated MCP HTTP tenant could read or delete workflow-version backups stored in the default (single-tenant) scope - for example backups left from a prior single-tenant deployment or a migration period. Workflow snapshots may contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected. `<= 2.57.3` `2.57.4` Upgrade to n8n-mcp `2.57.4` or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant. - Restrict network access to the HTTP endpoint (firewall / reverse proxy / VPN) so only trusted callers can reach it. - Run in stdio mode, which has no multi-tenant HTTP surface. - If default-scope backups from a prior single-tenant deployment are not needed, removing them eliminates the exposure. Reported by @DavidCarliez.

Information Disclosure
NVD GitHub
CVSS 3.1
4.2
CVE-2026-48001 LOW Monitor

Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Adobe Information Disclosure Adobe Commerce Adobe Commerce B2B Magento Open Source +1
NVD
CVSS 3.1
3.7
EPSS
0.6%
CVE-2026-50157 PHP MEDIUM PATCH GHSA This Month

Applications built with the Auth0 Symphony SDK, using the Authorizer security authenticator to protect HTTP routes may accept OAuth 2.0 bearer access tokens provided through a URL query parameter, in addition to the standard Authorization header, which may increase the risk of access token exposure and replay against protected API endpoints. Upgrade auth0/symfony to version 5.9.0 or greater. Okta would like to thank Alex Yeara for their discovery.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
CVE-2026-15642 LOW PATCH Monitor

Devolutions Server 2026.1.22.0 and 2026.2.11.0 exposes Azure Key Vault client secrets in cleartext within Recovery Kit response files, defeating an explicit 'exclude sensitive data' option that administrators rely on. Any party who obtains a copy of the generated response file can trivially read the credential without any decryption or tooling. No public exploit code exists and the vulnerability is not in CISA KEV; however, because successful exploitation yields a reusable cloud credential, the downstream blast radius in Azure environments substantially exceeds what the 3.3 CVSS base score suggests. A vendor-released patch is available.

Hashicorp Microsoft Information Disclosure Server
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-57095 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.2
EPSS
0.5%
CVE-2026-56184 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVSS 5.3
MEDIUM PATCH This Month

Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.

Splunk Information Disclosure Splunk Enterprise +1
NVD VulDB
CVSS 6.6
MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed.

TP-Link Information Disclosure Kasa Ec71 V4 +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Information disclosure in andreimarcu Linx (linx-server) versions 1.0 through 2.3.8 lets remote attackers retrieve sensitive data through the uploadRemote function in upload.go, which fetches attacker-supplied remote URLs on the server's behalf. The flaw carries a CVSS 9.1 rating with a network, unauthenticated, low-complexity vector, so exploitation requires no credentials or user interaction. No public exploit is identified, though a third-party vulnerability report is published for the CVE.

Information Disclosure
NVD GitHub
CVSS 4.2
MEDIUM PATCH This Month

In multi-tenant HTTP mode (`ENABLE_MULTI_TENANT=true`), an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope `workflow_versions` backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a normal n8n API capability. An authenticated MCP HTTP tenant could read or delete workflow-version backups stored in the default (single-tenant) scope - for example backups left from a prior single-tenant deployment or a migration period. Workflow snapshots may contain sensitive workflow configuration depending on their contents. Single-tenant and stdio deployments are not affected. `<= 2.57.3` `2.57.4` Upgrade to n8n-mcp `2.57.4` or later. The fix requires a complete tenant context in multi-tenant mode and fails closed for workflow-version access that cannot be attributed to a specific tenant. - Restrict network access to the HTTP endpoint (firewall / reverse proxy / VPN) so only trusted callers can reach it. - Run in stdio mode, which has no multi-tenant HTTP surface. - If default-scope backups from a prior single-tenant deployment are not needed, removing them eliminates the exposure. Reported by @DavidCarliez.

Information Disclosure
NVD GitHub
EPSS 1% CVSS 3.7
LOW Monitor

Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Adobe Information Disclosure Adobe Commerce +3
NVD
CVSS 6.5
MEDIUM PATCH This Month

Applications built with the Auth0 Symphony SDK, using the Authorizer security authenticator to protect HTTP routes may accept OAuth 2.0 bearer access tokens provided through a URL query parameter, in addition to the standard Authorization header, which may increase the risk of access token exposure and replay against protected API endpoints. Upgrade auth0/symfony to version 5.9.0 or greater. Okta would like to thank Alex Yeara for their discovery.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Devolutions Server 2026.1.22.0 and 2026.2.11.0 exposes Azure Key Vault client secrets in cleartext within Recovery Kit response files, defeating an explicit 'exclude sensitive data' option that administrators rely on. Any party who obtains a copy of the generated response file can trivially read the credential without any decryption or tooling. No public exploit code exists and the vulnerability is not in CISA KEV; however, because successful exploitation yields a reusable cloud credential, the downstream blast radius in Azure environments substantially exceeds what the 3.3 CVSS base score suggests. A vendor-released patch is available.

Hashicorp Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy