Fallos del tipo CWE-200

3933 resultados
CVE-2021-20259A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attackeEPSS 0.3%CVE-2025-4593MEDIUMWP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information ExposureEPSS 0.3%CVE-2025-4659MEDIUMIntegration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path DisclosureEPSS 0.3%CVE-2025-12785MEDIUMCertain HP LaserJet Pro Printers – Potential Information DisclosureEPSS 0.3%CVE-2024-27814LOWThis issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device mEPSS 0.3%CVE-2026-2128MEDIUMBreeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login CookieEPSS 0.3%CVE-2024-40850MEDIUMA file access issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macEPSS 0.3%CVE-2022-43539MEDIUM A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position tEPSS 0.3%CVE-2025-8866MEDIUMYugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attackEPSS 0.3%CVE-2025-29628CRITICALA Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home EPSS 0.3%CVE-2022-34674MEDIUMNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical paEPSS 0.3%CVE-2026-46443HIGHFlowise: Credential Data LeakEPSS 0.3%CVE-2023-24012HIGHData Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDSEPSS 0.3%CVE-2025-3628MEDIUMMoodle: moodle assignment submission search leaks anonymous student identitiesEPSS 0.3%CVE-2025-11379MEDIUMWebP Express <= 0.25.9 - Unauthenticated Information ExposureEPSS 0.3%CVE-2025-20383MEDIUMImproper access control through push notifications for reports and alerts in Splunk Secure Gateway appEPSS 0.3%CVE-2025-9987MEDIUMBroadstreet <= 1.53.1 - Authenticated (Subscriber+) Information DisclosureEPSS 0.3%CVE-2025-54345HIGHAn issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an EPSS 0.3%CVE-2026-47124MEDIUMNezha WebSocket server stream discloses cross-tenant server telemetry to authenticated membersEPSS 0.3%CVE-2022-42815MEDIUMThis issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitiveEPSS 0.3%