Weaknesses of type CWE-402

23 results
CVE-2021-31407 [HIGH] Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 (EPSS 2.4%)
CVE-2021-31410 [HIGH] Project sources exposure in Vaadin Designer (EPSS 1.7%)
CVE-2021-23263 [MEDIUM] Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine (EPSS 1.6%)
CVE-2024-32388 [MEDIUM] Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allow (EPSS 1.4%)
CVE-2021-23264 [HIGH] Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search (EPSS 1.1%)
CVE-2022-3596 [HIGH] Instack-undercloud: rsync leaks information to undercloud (EPSS 1.1%)
CVE-2023-34467 [HIGH] XWiki Platform may retrieve email addresses of all users (EPSS 1.0%)
CVE-2017-8442 Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configurat (EPSS 0.9%)
CVE-2025-29925 [HIGH] XWiki allows unregistered users to access private pages information through REST endpoint (EPSS 0.9%)
CVE-2023-38509 [MEDIUM] XWiki Platform's obfuscated email addresses should not be sorted (EPSS 0.7%)
CVE-2024-29900 [HIGH] @electron/packager's build process memory potentially leaked into final executable (EPSS 0.6%)
CVE-2022-30231 [MEDIUM] A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes (EPSS 0.6%)
CVE-2025-0502 [MEDIUM] Transmission of Private Resources into a New Sphere in Crafter Engine (EPSS 0.4%)
CVE-2025-55014 [MEDIUM] The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the d (EPSS 0.4%)
CVE-2025-49618 [MEDIUM] In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint. (EPSS 0.3%)
CVE-2023-4569 [MEDIUM] Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (EPSS 0.3%)
CVE-2024-47146 [HIGH] Ruijie Reyee OS Resource Leak (EPSS 0.3%)
CVE-2025-48383 [HIGH] Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking (EPSS 0.3%)
CVE-2024-0443 [MEDIUM] Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline. (EPSS 0.2%)
CVE-2025-66422 [MEDIUM] Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4 (EPSS 0.2%)