Weaknesses of type CWE-538
83 resultsCVE-2025-61138HIGHQlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.EPSS 0.3%CVE-2026-33705MEDIUMChamilo LMS has unauthenticated access to Twig template source files exposes application logicEPSS 0.2%CVE-2025-68429HIGHStorybook manager bundle may expose environment variables during buildEPSS 0.2%CVE-2025-8452MEDIUMUnauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.EPSS 0.2%CVE-2026-21672HIGHA vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.EPSS 0.2%CVE-2022-0013MEDIUMCortex XDR Agent: File Information Exposure Vulnerability When Generating Support FileEPSS 0.2%CVE-2024-31954HIGHAn issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directoEPSS 0.2%CVE-2026-29114LOWA vulnerability has been found in some Dahua products. An attacker
may obtain the device’s CA root certificate. If that CA is installed and
EPSS 0.2%CVE-2025-12699MEDIUMZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or DirectoryEPSS 0.2%CVE-2026-50099MEDIUMNaxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directoryEPSS 0.2%CVE-2023-38558MEDIUMA vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration ConsoleEPSS 0.2%CVE-2019-25717MEDIUMDräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File DisclosureEPSS 0.2%CVE-2025-46820HIGHphpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifactEPSS 0.2%CVE-2021-40363—A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versionEPSS 0.2%CVE-2023-5937MEDIUMSensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0EPSS 0.1%CVE-2025-25586MEDIUMyimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.EPSS 0.1%CVE-2026-27173HIGHApache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line ArgumentsEPSS 0.1%CVE-2025-36058MEDIUMMultiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025EPSS 0.1%CVE-2025-52642LOWHCL AION is affected by an internal filesystem paths disloser vulnerabilityEPSS 0.1%CVE-2025-36051MEDIUMIBM QRadar SIEM Information DisclosureEPSS 0.1%