Weaknesses of type CWE-922
278 results

CVE | Severity | Description | EPSS
CVE-2018-25031 | MEDIUM | Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an att | EPSS 42.3%
CVE-2023-41723 | MEDIUM | A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of t | EPSS 12.3%
CVE-2020-1493 | MEDIUM | Microsoft Outlook Information Disclosure Vulnerability | EPSS 7.3%
CVE-2024-30896 | CRITICAL | InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with r | EPSS 5.2%
CVE-2025-29809 | HIGH | Windows Kerberos Security Feature Bypass Vulnerability | EPSS 4.0%
CVE-2025-21299 | HIGH | Windows Kerberos Security Feature Bypass Vulnerability | EPSS 2.1%
CVE-2024-37728 | HIGH | Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attack | EPSS 1.9%
CVE-2021-28815 | MEDIUM | Insecure Storage of Sensitive Information in myQNAPcloud Link | EPSS 1.7%
CVE-2024-7569 | CRITICAL | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated at | EPSS 1.6%
CVE-2023-45184 | MEDIUM | IBM i Access Client Solutions | EPSS 1.6%
CVE-2023-50298 | HIGH | Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions | EPSS 1.6%
CVE-2022-0724 | CRITICAL | Insecure Storage of Sensitive Information in microweber/microweber | EPSS 1.3%
CVE-2022-41876 | HIGH | ezplatform-graphql GraphQL queries can expose password hashes | EPSS 1.3%
CVE-2022-40959 | MEDIUM | During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permission | EPSS 1.3%
CVE-2023-29727 | CRITICAL | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its datab | EPSS 1.2%
CVE-2020-7000 | — | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from | EPSS 1.1%
CVE-2022-0881 | HIGH | Insecure Storage of Sensitive Information in chocobozzz/peertube | EPSS 1.1%
CVE-2021-22914 | — | Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored | EPSS 1.1%
CVE-2024-22773 | HIGH | Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in L | EPSS 1.0%
CVE-2025-12539 | CRITICAL | TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover | EPSS 0.9%