Flaws of type CWE-202
35 results

CVE-2025-25205 | HIGH | Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching | EPSS 3.8%
CVE-2025-69200 | HIGH | phpMyFAQ has unauthenticated config backup download via /api/setup/backup | EPSS 2.0%
CVE-2021-32743 | HIGH | Passwords used to access external services inadvertently exposed through API | EPSS 1.8%
CVE-2019-19000 | MEDIUM | eSOMS Cachecontrol (Pragma) HTTP Header | EPSS 1.1%
CVE-2022-20747 | MEDIUM | Cisco SD-WAN vManage Software Information Disclosure Vulnerability | EPSS 0.9%
CVE-2023-0785 | LOW | SourceCodester Best Online News Portal check_availability.php information exposure | EPSS 0.9%
CVE-2019-19091 | MEDIUM | ABB eSOMS: HTTP response information leakage | EPSS 0.8%
CVE-2021-34782 | MEDIUM | Cisco DNA Center Information Disclosure Vulnerability | EPSS 0.8%
CVE-2023-1625 | HIGH | Information leak in api | EPSS 0.7%
CVE-2022-41623 | HIGH | WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability | EPSS 0.7%
CVE-2025-59352 | MEDIUM | Dragonfly allows arbitrary file read and write on a peer machine | EPSS 0.7%
CVE-2022-20810 | MEDIUM | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability | EPSS 0.7%
CVE-2023-7072 | HIGH | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint | EPSS 0.6%
CVE-2024-6400 | HIGH | Cleartext Storage of Username and Password in Finrota's Netahsilat | EPSS 0.6%
CVE-2026-30778 | HIGH | Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. | EPSS 0.5%
CVE-2024-1287 | MEDIUM | Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure via SQLi | EPSS 0.5%
CVE-2026-40245 | HIGH | Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication | EPSS 0.5%
CVE-2024-13255 | HIGH | RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019 | EPSS 0.5%
CVE-2023-20215 | MEDIUM | A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote atta | EPSS 0.5%
CVE-2025-68456 | HIGH | Unauthenticated Craft CMS users can trigger a database backup | EPSS 0.5%