Fallos del tipo CWE-200
3924 resultadosCVE-2024-39353LOWRemoteClusterFrame payloads are audit logged in fullEPSS 0.3%CVE-2026-34518LOWAIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirectEPSS 0.3%CVE-2025-1714MEDIUMUsername Enumeration in GliffyEPSS 0.3%CVE-2025-69822HIGHAn issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privEPSS 0.3%CVE-2025-57433MEDIUMThe 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a speciEPSS 0.3%CVE-2025-32044HIGHMoodle: unauthenticated rest api user data exposureEPSS 0.3%CVE-2025-31225HIGHA privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps maEPSS 0.3%CVE-2024-27897HIGHInput verification vulnerability in the call module.
Impact: Successful exploitation of this vulnerability may affect service confidentialitEPSS 0.3%CVE-2023-39383—Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromisEPSS 0.3%CVE-2026-28559MEDIUMwpForo Forum 2.4.14 Information Disclosure via Global RSS FeedEPSS 0.3%CVE-2023-41293—Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.EPSS 0.3%CVE-2026-40166HIGHauthentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/EPSS 0.3%CVE-2023-44093—Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affeEPSS 0.3%CVE-2022-48516—Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerabilityEPSS 0.3%CVE-2026-46790MEDIUMVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.3%CVE-2026-35442HIGHDirectus: Authenticated Users Can Extract Concealed Fields via Aggregate QueriesEPSS 0.3%CVE-2025-49845MEDIUMDiscourse users are able to see their own whispers even after being removed from a group that has been configured to see whispersEPSS 0.3%CVE-2025-12512MEDIUMGenerateBlocks <= 2.1.2 - Authenticated (Contributor+) Information Exposure via MetadataEPSS 0.3%CVE-2024-12532MEDIUMBWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor TemplatesEPSS 0.3%CVE-2025-2786MEDIUMTempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operatorEPSS 0.3%