CWE-402
All CWE-402 CVEs (16)
This vulnerability allows attackers to access private files and directories in CrafterCMS through improper resource handling. It affects all CrafterCM...
Jan 15, 2025

This vulnerability in Vaadin Designer allows remote attackers to access project source files through specially crafted HTTP requests due to overly per...
Apr 23, 2021

This vulnerability in Vaadin's OSGi integration allows attackers to access server-side application classes and resources via crafted HTTP requests. It...
Apr 23, 2021

Django-Select2 versions before 8.4.1 leak secret access tokens across requests in HeavySelect2Mixin subclasses, allowing unauthorized users to access ...
May 27, 2025

CVE-2021-23264 allows unauthenticated remote attackers to create, view, and delete search indexes in unprotected crafter-search installations. This af...
Dec 2, 2021

Electron Packager versions before 18.3.1 leak random segments of Node.js heap memory into bundled executables, potentially exposing sensitive informat...
Mar 29, 2024

CVE-2022-3596 is an information disclosure vulnerability in OpenStack's undercloud that allows unauthenticated remote attackers to access sensitive da...
Sep 20, 2023

This vulnerability in XWiki Platform allows attackers to retrieve email addresses of all users even when mail obfuscation is enabled. While emails app...
Jun 23, 2023

MyHoard versions 1.0.1 through 1.2.x log backup information including encryption keys in certain cases, potentially exposing sensitive database backup...
Dec 18, 2025

This vulnerability allows an attacker to obtain the serial number of Ruijie Reyee OS devices by sniffing RAW WiFi signals when physically adjacent. It...
Dec 6, 2024

This vulnerability in Plesk Obsidian allows unauthenticated attackers to access AWS credentials via a specific endpoint. It affects Plesk Obsidian 18....
Jul 3, 2025

A firewall misconfiguration in Kerlink devices running KerOS prior to version 5.12 allows attackers to bypass firewall protections by sending speciall...
Dec 1, 2025

XWiki Platform REST endpoints improperly list protected pages even when users lack view permissions. This information disclosure vulnerability affects...
Mar 19, 2025

The YouDao plugin in StarDict sends X11 clipboard selections to remote servers via unencrypted HTTP, exposing potentially sensitive copied text to net...
Aug 4, 2025

This vulnerability in Tryton's trytond server allows remote attackers to obtain sensitive trace-back information that reveals server setup details. It...
Nov 30, 2025

This vulnerability in Zammad allows logged-in customers to view and manipulate shared article drafts intended only for agents. Customers can access co...
Apr 5, 2025

About CWE-402
Our database tracks 16 CVEs classified as CWE-402, with 1 rated critical and 8 rated high severity. The average CVSS score for CWE-402 vulnerabilities is 6.8.