Falhas do tipo CWE-200

3.928 resultados
CVE-2026-0950MEDIUMSpectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive DataEPSS 0.3%CVE-2025-13683MEDIUMExposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions ServeEPSS 0.3%CVE-2026-41266HIGHFlowise: Sensitive Data Leak in public-chatbotConfigEPSS 0.3%CVE-2026-21940HIGHVulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affecEPSS 0.3%CVE-2024-43801MEDIUMPrivilege escalation to admin from a low-privileged user via SVG upload in JellyfinEPSS 0.3%CVE-2025-0525LOWIn affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could EPSS 0.3%CVE-2025-22956CRITICALOPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalatEPSS 0.3%CVE-2025-30352MEDIUMDirectus `search` query parameter allows enumeration of non permitted fieldsEPSS 0.3%CVE-2024-35682MEDIUMWordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-25333HIGHAn issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link.EPSS 0.3%CVE-2026-30846HIGHWekan Exposes All Global Webhook Integrations through globalwebhooks PublicationEPSS 0.3%CVE-2024-39807LOWChannel IDs of archived/restored channels leaked via webhook eventsEPSS 0.3%CVE-2021-27908MEDIUMIn all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user EPSS 0.3%CVE-2025-25195MEDIUMZulip events can leak private channel namesEPSS 0.3%CVE-2025-32789LOWEspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting FunctionEPSS 0.3%CVE-2024-6551MEDIUMGiveWP <= 3.15.1 - Unauthenticated Full Path DisclosureEPSS 0.3%CVE-2025-68279HIGHWeblate has an arbitrary file read via symbolic linksEPSS 0.3%CVE-2025-12558MEDIUMBeaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information ExposureEPSS 0.3%CVE-2024-34754MEDIUMWordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2026-32265MEDIUMAmazon S3 for Craft CMS has an Information Disclosure vulnerabilityEPSS 0.3%