CWE-201 vulnerabilities

329 results
CVE-2017-16026: Request is an http client. If a request is made using `multipart`, and the body type is a `number`, then the specified number of non [EPSS 2.6%]

CVE-2020-26085 (CRITICAL): Cisco Jabber Desktop and Mobile Client Software Vulnerabilities [EPSS 2.5%]

CVE-2017-2582 (MEDIUM): It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining a [EPSS 2.5%]

CVE-2022-27779: libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to re [EPSS 2.4%]

CVE-2016-10518: A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping [EPSS 2.0%]

CVE-2024-32825 (HIGH): WordPress Simply Static plugin <= 3.1.3 - Sensitive Data Exposure via Log File vulnerability [EPSS 2.0%]

CVE-2024-6586 (HIGH): Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A d [EPSS 1.8%]

CVE-2020-27134 (CRITICAL): Cisco Jabber Desktop and Mobile Client Software Vulnerabilities [EPSS 1.6%]

CVE-2016-10519: A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and [EPSS 1.6%]

CVE-2026-24477 (HIGH): AnythingLLM has key leak in `systemSettings.js` [EPSS 1.6%]

CVE-2020-25703: The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versi [EPSS 1.5%]

CVE-2025-58098 (HIGH): Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... [EPSS 1.5%]

CVE-2020-27748: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be [EPSS 1.4%]

CVE-2021-26566 (HIGH): Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 all [EPSS 1.4%]

CVE-2020-27132 (CRITICAL): Cisco Jabber Desktop and Mobile Client Software Vulnerabilities [EPSS 1.4%]

CVE-2020-27127 (CRITICAL): Cisco Jabber Desktop and Mobile Client Software Vulnerabilities [EPSS 1.3%]

CVE-2020-1770 (LOW): Information disclosure in support bundle files [EPSS 1.3%]

CVE-2018-17245: Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating P [EPSS 1.3%]

CVE-2023-49594 (MEDIUM): An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A [EPSS 1.2%]

CVE-2022-27671: A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. [EPSS 1.2%]