CWE-598 vulnerabilities
80 results

CVE-2026-25118 | MEDIUM | immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums | EPSS 0.4%
CVE-2024-23766 | HIGH | An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET r | EPSS 0.4%
CVE-2022-34452 | LOW | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticate | EPSS 0.4%
CVE-2025-57800 | HIGH | Audiobookshelf vulnerable to OIDC token exfiltration and account takeover | EPSS 0.4%
CVE-2025-26473 | HIGH | Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings | EPSS 0.4%
CVE-2024-38863 | LOW | CSRF token leaked in URL parameters | EPSS 0.4%
CVE-2026-23846 | HIGH | Tugtainer vulnerable to Password Exposure via URL Query Parameter | EPSS 0.4%
CVE-2025-2356 | MEDIUM | BlackVue App API deviceDelete get request method with sensitive query strings | EPSS 0.4%
CVE-2022-22551 | HIGH | DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potent | EPSS 0.4%
CVE-2025-49188 | MEDIUM | Sensitive Data in URL | EPSS 0.4%
CVE-2025-22387 | HIGH | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where th | EPSS 0.4%
CVE-2023-50954 | MEDIUM | IBM InfoSphere Information Server information disclosure | EPSS 0.4%
CVE-2025-58584 | MEDIUM | Plain Text Transmission of Username and Password in the URL | EPSS 0.4%
CVE-2024-32931 | MEDIUM | exacqVision - Token Disclosed in URL | EPSS 0.4%
CVE-2024-12012 | MEDIUM | A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware ver | EPSS 0.4%
CVE-2021-41719 | HIGH | Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using | EPSS 0.3%
CVE-2024-41738 | MEDIUM | IBM TXSeries for Multiplatforms information disclosure | EPSS 0.3%
CVE-2025-13219 | MEDIUM | Multiple vulnerabilities in IBM Aspera Orchestrator | EPSS 0.3%
CVE-2025-56551 | HIGH | An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with a | EPSS 0.3%
CVE-2024-31206 | HIGH | Use of Unencrypted HTTP Request in dectalk-tts | EPSS 0.3%