CWE-598: CWE-598

CVE-2021-36328 is a SQL injection vulnerability in Dell EMC Streaming Data Platform that allows remote attackers to execute arbitrary SQL commands. Th...

Dell EMC AppSync versions 3.9 to 4.3 transmit sensitive session information via GET request query strings, which can be intercepted by adjacent attack...

This vulnerability in DirectAdmin v1.680 allows unauthenticated attackers to manipulate the login page layout and replace it with malicious content vi...

Dell PowerScale OneFS versions 8.2.2 through 9.1.0.x have a vulnerability where sensitive data can be exposed through GET requests containing sensitiv...

CVE-2026-23846 is a sensitive information exposure vulnerability in Tugtainer where passwords are transmitted via URL query parameters instead of secu...

Dell EMC CloudLink versions 7.1.3 and earlier expose authentication tokens in GET request URLs, which can be logged by reverse proxies and servers. At...

The Mojave Inverter uses HTTP GET requests to transmit sensitive information, potentially exposing credentials or configuration data in URLs, logs, or...

This vulnerability in Optimizely Configured Commerce exposes session tokens in URL parameters, allowing attackers to hijack authenticated user session...

This vulnerability exposes CSRF tokens in URL query parameters in Checkmk monitoring software, allowing attackers to steal these tokens. Attackers can...

CVE-2024-23766 is an unauthenticated denial-of-service vulnerability in HMS Anybus X-Gateway AB7832-F 3 devices. Attackers can send a simple GET reque...

This vulnerability in Secomea GateManager's LMM API allows system administrators to hijack connections by exposing sensitive information through query...

This vulnerability in Key Systems Inc Global Facilities Management Software allows remote attackers to access sensitive information through the sid qu...

IBM i operating systems (versions 7.2-7.6) have an information disclosure vulnerability in the database plan cache implementation. Authenticated users...

The Trivision Camera NC227WF v5.8.0 transmits passwords in URL query strings, exposing authentication credentials to network eavesdroppers and interme...

HCL ZIE for Web v16 transmits sensitive session tokens and authentication identifiers in URL query parameters, allowing attackers who can access netwo...

IBM TXSeries for Multiplatforms 10.1 has an information disclosure vulnerability where sensitive data in HTTP GET query strings can be intercepted via...

This vulnerability exposes password hashes and session tokens in URLs due to improper use of GET requests with sensitive data in the 130.8005 TCP/IP G...

QuickCMS transmits user credentials via GET requests instead of POST, exposing passwords and login information in browser history and server logs. Thi...

An authenticated arbitrary file download vulnerability in Mccms v2.7.0 allows attackers with admin access to download any file from the server via a c...

This vulnerability allows attackers to steal authentication tokens when they are passed in URL query parameters, potentially enabling session hijackin...

This vulnerability exposes authentication credentials transmitted via URL parameters, which can be unintentionally stored in server logs, browser hist...

This vulnerability in Siemens SIPROTEC 5 devices exposes session identifiers in URL requests, potentially allowing attackers to retrieve sensitive ses...

This vulnerability in Perplexity AI GPT-4 allows remote attackers to access sensitive information through GET parameters. It affects systems running v...

IBM InfoSphere Information Server 11.7 exposes sensitive information in URLs, potentially revealing system details that could aid attackers in reconna...

Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection, allowing attackers to capture these tokens via browser history, logs, ...

This vulnerability in Tridium Niagara Framework and Enterprise Security allows attackers to inject parameters through GET requests with sensitive quer...