CWE-522 vulnerabilities
550 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2020-29583 | CRITICAL | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this acc | 90.0% | KEV |
| CVE-2021-30116 | CRITICAL | Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6 | 85.6% | KEV |
| CVE-2024-44000 | CRITICAL | WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability | 83.2% | |
| CVE-2017-9248 | CRITICAL | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Te | 75.1% | KEV |
| CVE-2014-1812 | HIGH | The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, a | 64.3% | KEV |
| CVE-2024-32238 | CRITICAL | H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management | 53.2% | |
| CVE-2022-37109 | CRITICAL | patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to | 49.2% | |
| CVE-2017-3192 | — | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admi | 39.5% | |
| CVE-2021-22681 | CRITICAL | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix cont | 25.5% | KEV |
| CVE-2023-28131 | CRITICAL | A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that confi | 23.2% | |
| CVE-2026-21852 | MEDIUM | Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation | 23.0% | |
| CVE-2018-3609 | — | A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticat | 22.6% | |
| CVE-2022-1026 | HIGH | Kyocera Net View Address Book Exposure | 15.1% | |
| CVE-2023-38548 | CRITICAL | A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of | 11.8% | |
| CVE-2024-9014 | CRITICAL | OAuth2 client id and secret exposed through the web browser in pgAdmin 4 | 9.7% | |
| CVE-2021-44451 | — | API sensitive information leak | 7.9% | |
| CVE-2021-29262 | — | Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings | 7.8% | |
| CVE-2017-7486 | — | PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any us | 6.3% | |
| CVE-2017-7547 | — | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attack | 5.6% | |
| CVE-2022-23223 | — | Apache ShenYu Password leakage | 4.3% | |