CWE-538: CWE-538

This vulnerability in lte-pic32-writer exposes sensitive API keys and webhook URLs stored in the sendto.txt file to attackers who know the device's IM...

Dell Data Protection Search versions 19.2.0 and above expose LDAP passwords in plain text through the LdapSettings.get_ldap_info function. This allows...

This vulnerability in cri-o allows attackers to inject arbitrary lines into the /etc/passwd file using a specially crafted environment variable. This ...

SINEMA Remote Connect Client versions before V3.1 SP1 expose sensitive information through accessible files and the web interface. This allows authent...

CVE-2020-37104 allows unauthenticated attackers to download database backup files from ASTPP VoIP billing software by brute-forcing predictable 6-digi...

Qlik Sense Enterprise v14.212.13 contains an information leak vulnerability via the /dev-hub/ directory that exposes sensitive data. This affects orga...

This CVE describes an information exposure vulnerability in BVRP Software SLmail where remote attackers can retrieve sensitive server files by appendi...

This vulnerability in Samsung Portable SSD T5 installer allows attackers with existing user access to escalate privileges through arbitrary code execu...

This vulnerability allows authenticated administrators to exploit an exposed webservice to create PDFs with embedded attachments. By specifying intern...

This vulnerability in GitLab CE/EE could expose access tokens in application logs under specific API request conditions. Attackers who gain access to ...

The Import and export users and customers WordPress plugin versions up to 1.27.12 contains a vulnerability where sensitive information can be inserted...

This vulnerability in the TailPress WordPress plugin allows attackers to retrieve embedded sensitive data by accessing externally-accessible files. It...

This vulnerability in the WP-LESS WordPress plugin allows attackers to retrieve sensitive data embedded in CSS files. It affects WordPress sites using...

This vulnerability in IBM Business Automation Workflow containers allows attackers to access sensitive configuration information stored in config maps...

This CVE describes an information disclosure vulnerability in devinfo on MediaTek devices where missing SELinux policies allow unauthorized access to ...

The Shelf Planner WordPress plugin exposes sensitive information through publicly accessible log files in versions up to 2.7.0. Unauthenticated attack...

Dell SupportAssist OS Recovery versions before 5.5.15.0 can expose sensitive information to local low-privileged attackers through file/directory acce...

This vulnerability exposes AWS credentials in Docker script files within JetBrains TeamCity CI/CD servers. Attackers who gain access to these files co...

This vulnerability allows attackers on the local network to discover Brother multi-function printer serial numbers via the eSCL/uscan protocol. The se...

This vulnerability allows unauthenticated attackers to access sensitive configuration information in yimioa software versions before v2024.07.04. The ...

Tandoor Recipes' default NixOS configuration exposes the SQLite database file externally when using SQLite with default MEDIA_ROOT settings. This allo...

TG8 Firewall exposes the /data/ directory via HTTP without authentication, allowing remote attackers to download credential files containing usernames...