By weakness (CWE)
CWE-200: related vulnerabilities
CVEs classified under CWE-200. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
14 published vulnerabilities
- CVE-2025-69755HIGH 8.2
A vulnerability in the Neterbit NW-431F Router (firmware version NW-431F-20241014-IR03) allows attackers on the network to read sensitive information and run unauthorized commands on the device. An attacker can send specially crafted requests to the router's at_command.asp interface without needing credentials or user interaction, making this a direct and urgent threat to any organization using this model.
- CVE-2026-41032HIGH 7.5
CVE-2026-41032 is a high-severity information disclosure vulnerability affecting network controllers. An unauthenticated attacker on the same network segment can download log files from the controller without authentication, potentially exposing sensitive operational data. The vulnerability requires no user interaction and can be exploited over the network, making it a significant confidentiality risk for organizations running vulnerable controller infrastructure.
- CVE-2026-36611HIGH 7.3
A Mercusys AC12G (EU) V1 router with firmware version AC12G(EU)_V1_200909 has a vulnerability that exposes uninitialized memory to attackers on the same network. When the router receives certain requests on its UPnP port without proper headers, it returns 128 bytes of raw memory content that should have been inaccessible. An attacker with network access can exploit this to leak sensitive internal data without needing credentials.
- CVE-2026-42358MEDIUM 6.5
Apache Airflow's secret-masking feature, which is supposed to hide sensitive values in Variables when they're accessed through the UI or API, has a flaw that lets authenticated users read plaintext secrets stored in deeply nested JSON structures. The masking tool gives up checking for sensitive key names (like 'password', 'token', 'secret', 'api_key') once it reaches a certain nesting depth, so secrets buried deeper than that limit slip through unmasked. Any user with permission to read Variables can exploit this. This is a follow-up to an earlier fix; that patch addressed shallow nesting, but didn't raise the depth limit itself, leaving the same bypass hole for deeper structures.
- CVE-2026-42360MEDIUM 6.5
Apache Airflow has a flaw in how it protects sensitive information embedded within complex data structures (like JSON templates). When a workflow template is large enough to exceed Airflow's size limit for storing template data, the system converts it to plain text before masking secrets—a process that loses track of nested sensitive fields like passwords, tokens, and API keys. An authenticated user with access to read stored template fields could then retrieve these unmasked secrets. The issue affects Airflow deployments where workflow authors pass structured data containing nested sensitive values to operators. Even organizations that patched a related vulnerability (CVE-2025-68438) last year need to apply this additional update, as that earlier fix did not address this specific nested-key masking gap.
- CVE-2026-10254MEDIUM 5.3
SourceCodester Pet Grooming Management Software version 1.0 contains a vulnerability that exposes file and directory information to unauthenticated remote attackers. An unknown function in the /admin/ path fails to properly restrict access to sensitive filesystem metadata, allowing adversaries to enumerate files and directories without authentication. While this does not permit direct modification or service disruption, the information disclosure can serve as reconnaissance for subsequent targeted attacks. Public exploit code is available.
- CVE-2026-2128MEDIUM 5.3
The Breeze WordPress plugin through version 2.5.2 contains a flaw that allows attackers to view content meant only for administrators. When the "Cache Logged-in Users" feature is enabled, the plugin trusts cookie information without properly verifying it belongs to a real, authenticated user. An attacker can craft a fake cookie claiming to be an administrator, and the plugin will serve them the cached pages generated for that admin—exposing private posts, administrative controls, security tokens, and other sensitive data. No authentication or special privileges are required to attempt this attack.
- CVE-2026-10854MEDIUM 4.3
CVE-2026-10854 is a visibility control flaw in MISP's event template creation feature that allowed unauthorized users to see private galaxy data from other organizations. When creating an event template, the system listed all enabled galaxies without checking whether the user's organization owned them or whether they were marked private. This exposed sensitive metadata like galaxy type and description to users who shouldn't have access. The vulnerability requires authentication to exploit and affects only information disclosure—no data modification or denial of service is possible. MISP has patched the issue by filtering galaxy visibility based on organization ownership and distribution settings.
- CVE-2026-10864MEDIUM 4.3
A flaw in MISP's dashboard widgets allows authenticated users with low-level access to bypass field restrictions and view sensitive information they shouldn't have access to. By manipulating which data fields the New Users and New Organisations widgets display, attackers can circumvent settings designed to hide user email addresses and other restricted organization metadata. The vulnerability stems from how the application processes field filtering—if redaction leaves the field list empty, it falls back to returning unfiltered data instead of enforcing safe defaults.
- CVE-2026-28511MEDIUM 4.3
eLabFTW, an open-source electronic lab notebook platform, contains an information disclosure vulnerability affecting versions before 5.4.2. When an authenticated user performs a numeric search or reference lookup, the system may return resource titles that the user should not have access to view. The actual content of those resources remains protected—only the titles are exposed. This is particularly concerning because titles may contain sensitive information such as project names, patient identifiers, or regulated data that could constitute unauthorized disclosure.
- CVE-2026-36602MEDIUM 4.3
A Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909 has a flaw in its UPnP service that exposes internal kernel memory addresses to anyone on the same network segment. An attacker can query the router's UPnP interface to extract a raw MIPS kernel pointer, effectively creating a roadmap of how the router's operating system is laid out in memory. While this doesn't directly compromise the device, it removes a significant barrier to follow-up attacks by revealing memory layout details that are normally hidden.
- CVE-2026-36615MEDIUM 4.3
The Mercusys AC12G (EU) router running firmware version AC12G(EU)_V1_200909 contains an unauthenticated information disclosure vulnerability. An attacker on the same local network can access a hidden endpoint (/agileconfigreset) that leaks internal buffer contents without requiring any credentials or user interaction. This information could be used to further compromise the device or the network it serves.
- CVE-2026-36618MEDIUM 4.3
The Mercusys AC12G (EU) router with firmware version AC12G(EU)_V1_200909 has a configuration issue that allows anyone on the local network to discover which version of the DNS resolver software (unbound 1.22.0) is running on the device. An attacker can query the router for this information and use it to identify known vulnerabilities affecting that specific DNS software version, making targeted attacks easier. This is a local network exposure only—an attacker would need network access to the router or its subnet to exploit it.
- CVE-2026-10011LOW 3.1
A flaw in Chrome's Skia graphics library could allow an attacker who has already compromised Chrome's renderer process to extract sensitive data from websites you visit. The attacker would need to serve you a specially crafted web page to perform the attack. While the underlying issue received a High severity rating from Chromium, the overall exploitability is limited because it requires both renderer compromise and user interaction, making it a low-risk vulnerability in practical terms.