Weaknesses of type CWE-598
80 resultsCVE-2025-50709MEDIUMAn issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a GET parameterEPSS 0.3%CVE-2025-41772HIGHwwwupdate.cgi Session token in URLEPSS 0.3%CVE-2023-25524MEDIUM
NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access tokeEPSS 0.3%CVE-2026-44883HIGHPortainer: JWT accepted in URL query leaks tokens to logs and referersEPSS 0.3%CVE-2025-32021LOWWeblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintextEPSS 0.3%CVE-2026-31381MEDIUMGainsight Assist plugin information disclosureEPSS 0.3%CVE-2025-3637LOWMoodle: csrf token exposure via url in moodle mod_data moduleEPSS 0.3%CVE-2026-37504MEDIUMSensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server auEPSS 0.3%CVE-2026-43875MEDIUMWWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account TakeoverEPSS 0.3%CVE-2025-59873MEDIUMSession Token Exposure via URL Query ParametersEPSS 0.3%CVE-2025-69270LOWSpectrum session token in URLEPSS 0.3%CVE-2025-40742MEDIUMA vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 EPSS 0.3%CVE-2026-33620MEDIUMPinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary SystemsEPSS 0.3%CVE-2025-8997MEDIUMOpenText Enterprise Security Manager Information ExposureEPSS 0.3%CVE-2026-34969LOWNhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider CallbackEPSS 0.3%CVE-2026-26721HIGHAn issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via tEPSS 0.3%CVE-2025-24948MEDIUMIn JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.EPSS 0.3%CVE-2026-26196MEDIUMGogs: Access tokens get exposed through URL params in API requestsEPSS 0.3%CVE-2025-50110HIGHAn issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse mEPSS 0.2%CVE-2024-28238LOWSession Token in URL in directusEPSS 0.2%