CWE-922 vulnerabilities
278 results

CVE-2024-4995 | CRITICAL | Protocol Downgrade in Wapro ERP Desktop | EPSS 0.9%
CVE-2021-36546 | HIGH | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | EPSS 0.9%
CVE-2022-1044 | HIGH | Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk | EPSS 0.8%
CVE-2024-47197 | HIGH | Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials | EPSS 0.8%
CVE-2024-44213 | HIGH | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, | EPSS 0.8%
CVE-2025-8699 | CRITICAL | Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to | EPSS 0.7%
CVE-2019-3684 | MEDIUM | susemanager installer creates world-readable swap files | EPSS 0.7%
CVE-2017-5249 | — | In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not | EPSS 0.7%
CVE-2017-5250 | — | In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored | EPSS 0.7%
CVE-2024-48939 | HIGH | Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with | EPSS 0.7%
CVE-2024-22371 | LOW | Apache Camel issue on ExchangeCreatedEvent | EPSS 0.7%
CVE-2023-22469 | MEDIUM | Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache | EPSS 0.7%
CVE-2024-1936 | HIGH | The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's | EPSS 0.7%
CVE-2022-44581 | MEDIUM | WordPress Defender Security plugin <= 3.3.2 - Broken Authentication vulnerability | EPSS 0.7%
CVE-2024-25728 | HIGH | ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends t | EPSS 0.7%
CVE-2023-34056 | MEDIUM | VMware vCenter Server Partial Information Disclosure Vulnerability | EPSS 0.7%
CVE-2024-26559 | MEDIUM | An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information. | EPSS 0.7%
CVE-2024-21211 | LOW | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compile | EPSS 0.7%
CVE-2024-3717 | MEDIUM | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.7 - Sensitive Information Exposure | EPSS 0.7%
CVE-2023-6565 | MEDIUM | InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure | EPSS 0.6%