CWE-200 flaws
3916 results

CVE | Severity | Title | EPSS
CVE-2024-6574 | MEDIUM | Laposta <= 1.12 - Unauthenticated Full Path Disclosure | 0.4%
CVE-2024-12140 | MEDIUM | Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure | 0.4%
CVE-2025-20226 | MEDIUM | Risky command safeguards bypass in “/services/streams/search” endpoint through “q” parameter in Splunk Enterprise | 0.4%
CVE-2026-47340 | MEDIUM | Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access. | 0.4%
CVE-2025-3978 | MEDIUM | dazhouda lecms user_set.htm information disclosure | 0.4%
CVE-2025-5436 | MEDIUM | Multilaser Sirius RE016 cstecgi.cgi information disclosure | 0.4%
CVE-2024-4837 | MEDIUM | Trust Boundary Violation Vulnerability | 0.4%
CVE-2024-54134 | HIGH | @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material | 0.4%
CVE-2025-70829 | MEDIUM | An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC con | 0.4%
CVE-2024-22301 | MEDIUM | WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Sensitive Data Exposure | 0.4%
CVE-2025-15121 | MEDIUM | JeecgBoot getDeptRoleByUserId information disclosure | 0.4%
CVE-2025-25281 | HIGH | Outback Power Mojave Inverter Exposure of Sensitive Information to an Unauthorized Actor | 0.4%
CVE-2026-58033 | MEDIUM | "Total number of distinct authors" statistic at action=info does not exclude revisions where the author name was deleted | 0.4%
CVE-2024-41259 | CRITICAL | Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information | 0.4%
CVE-2024-28339 | MEDIUM | An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows atta | 0.4%
CVE-2025-22973 | HIGH | An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application | 0.4%
CVE-2022-27891 | MEDIUM | Palantir Gotham included an unauthenticated endpoint that listed all active usernames in the platform with an active session. | 0.4%
CVE-2025-3059 | MEDIUM | Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002 | 0.4%
CVE-2026-32890 | CRITICAL | Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config | 0.4%
CVE-2024-45040 | MEDIUM | gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property | 0.4%