Weaknesses of type CWE-359
187 resultsCVE-2023-6695MEDIUMBeaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcodeEPSS 0.5%CVE-2025-13008HIGHSession Token Disclosure in M-Files WebEPSS 0.5%CVE-2022-46168LOWGroup SMTP user emails are exposed in CC email headerEPSS 0.5%CVE-2025-43405HIGHA permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, maEPSS 0.5%CVE-2025-43399HIGHThis issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS SequoiEPSS 0.5%CVE-2024-30321HIGHA vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versioEPSS 0.5%CVE-2024-29986MEDIUMMicrosoft Edge for Android (Chromium-based) Information Disclosure VulnerabilityEPSS 0.5%CVE-2025-66172HIGHApache CloudStack: Any user can attach a volume in their VMs from backups they should not have access toEPSS 0.5%CVE-2023-1936LOWExposure of Private Personal Information to an Unauthorized Actor in GitLabEPSS 0.5%CVE-2023-2239HIGHExposure of Private Personal Information to an Unauthorized Actor in microweber/microweberEPSS 0.5%CVE-2024-13215MEDIUMElementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal PopupEPSS 0.5%CVE-2024-49025MEDIUMMicrosoft Edge (Chromium-based) Information Disclosure VulnerabilityEPSS 0.5%CVE-2023-25819MEDIUMDiscourse tags with no visibility are leaking into og:article:tagEPSS 0.5%CVE-2024-4767MEDIUMIf the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. ThisEPSS 0.5%CVE-2025-5334HIGHExposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager
allows EPSS 0.5%CVE-2024-33271HIGHAn issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the ps_customer component.EPSS 0.5%CVE-2024-53258HIGHdownload_all_submissions allows student to download another student's submissions in AutolabEPSS 0.5%CVE-2023-34085LOWUser Attribute Disclosure via DynamoDB Data StoresEPSS 0.5%CVE-2026-0102LOWMicrosoft Edge (Chromium-based) Defense in Depth VulnerabilityEPSS 0.5%CVE-2025-43500HIGHA privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1,EPSS 0.5%