Fallos del tipo CWE-200

3916 resultados
CVE-2024-53359HIGHAn issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request.EPSS 0.4%CVE-2026-8028MEDIUMFlowiseAI Flowise Endpoint account.service.ts verify information disclosureEPSS 0.4%CVE-2025-62669MEDIUMUserInfoCard: activeLocalBlocksAllWikis does not do permissions checksEPSS 0.4%CVE-2026-30852MEDIUMCaddy: vars_regexp double-expands user input, leaking env vars and filesEPSS 0.4%CVE-2025-68719HIGHKAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active sessEPSS 0.4%CVE-2026-27796MEDIUMHomarr: Unauthenticated Information Disclosure (Integration Metadata Leak)EPSS 0.4%CVE-2021-32638MEDIUMCodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecatedEPSS 0.4%CVE-2024-8899MEDIUMJeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_templateEPSS 0.4%CVE-2024-21152HIGHVulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). Supported veEPSS 0.4%CVE-2026-2894MEDIUMfunadmin forget.html getMember information disclosureEPSS 0.4%CVE-2026-23983LOWApache Superset: Sensitive Data Exposure via REST API (disabled by default)EPSS 0.4%CVE-2026-42333MEDIUMquarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operationsEPSS 0.4%CVE-2023-34250MEDIUMDiscourse vulnerable to exposure of number of topics recently created in private categoriesEPSS 0.4%CVE-2024-11083MEDIUMProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureEPSS 0.4%CVE-2025-30127CRITICALAn issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, thEPSS 0.4%CVE-2024-13568HIGHFluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected DirectoryEPSS 0.4%CVE-2011-4916Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.EPSS 0.4%CVE-2023-4877MEDIUMExposure of Sensitive Information to an Unauthorized Actor in hamza417/inureEPSS 0.4%CVE-2025-54118MEDIUMNamelessMC allows sensitive information disclosure in member list componentEPSS 0.4%CVE-2026-37453HIGHInsecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via EPSS 0.4%