CWE-359 vulnerabilities

187 results
CVE-2025-54124 | HIGH | XWiki Platform: Any user with editing rights can access password properties through Database List Properties | EPSS 0.4%
CVE-2024-6053 | MEDIUM | Improper access control in the clipboard synchronization feature | EPSS 0.4%
CVE-2025-59843 | MEDIUM | FlagForgeCTF Exposes User Emails via Public /api/user/[username] API | EPSS 0.4%
CVE-2024-23211 | LOW | A privacy issue was addressed with improved handling of user preferences. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, | EPSS 0.4%
CVE-2024-36682 | HIGH | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while S | EPSS 0.4%
CVE-2024-36677 | HIGH | In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to e | EPSS 0.4%
CVE-2024-12041 | MEDIUM | Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings <= 8.0.12 - Unauthenticated User Information Exposure | EPSS 0.4%
CVE-2024-11206 | HIGH | Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | EPSS 0.4%
CVE-2025-31276 | MEDIUM | This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content m | EPSS 0.4%
CVE-2025-0969 | MEDIUM | Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function | EPSS 0.4%
CVE-2025-20060 | HIGH | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor | EPSS 0.4%
CVE-2022-0852 | There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could | EPSS 0.4%
CVE-2024-49765 | MEDIUM | Bypass of Discourse Connect using other login paths if enabled in Discourse | EPSS 0.4%
CVE-2023-6630 | MEDIUM | Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-7382 | MEDIUM | Information Disclosure in MeWare Software's PDKS | EPSS 0.3%
CVE-2024-13217 | MEDIUM | Jeg Elementor Kit <= 2.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via Countdown and Off-Canvas | EPSS 0.3%
CVE-2025-41685 | MEDIUM | SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user | EPSS 0.3%
CVE-2026-3911 | LOW | Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint | EPSS 0.3%
CVE-2024-13228 | MEDIUM | Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content | EPSS 0.3%
CVE-2025-68945 | MEDIUM | In Gitea before 1.21.2, an anonymous user can visit a private user's project. | EPSS 0.3%