Falhas do tipo CWE-200

3.924 resultados
CVE-2026-41266HIGHFlowise: Sensitive Data Leak in public-chatbotConfigEPSS 0.3%CVE-2023-43123Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary filesEPSS 0.3%CVE-2026-0950MEDIUMSpectra Gutenberg Blocks <= 2.19.17 - Unauthenticated Information Disclosure in Sensitive DataEPSS 0.3%CVE-2026-40965CRITICALCloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC EPSS 0.3%CVE-2025-0525LOWIn affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could EPSS 0.3%CVE-2024-43237MEDIUMWordPress Tag Groups plugin <= 2.0.3 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2026-30846HIGHWekan Exposes All Global Webhook Integrations through globalwebhooks PublicationEPSS 0.3%CVE-2025-30352MEDIUMDirectus `search` query parameter allows enumeration of non permitted fieldsEPSS 0.3%CVE-2025-32789LOWEspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting FunctionEPSS 0.3%CVE-2024-39807LOWChannel IDs of archived/restored channels leaked via webhook eventsEPSS 0.3%CVE-2024-35682MEDIUMWordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2021-27908MEDIUMIn all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user EPSS 0.3%CVE-2025-22956CRITICALOPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalatEPSS 0.3%CVE-2025-25333HIGHAn issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link.EPSS 0.3%CVE-2025-25195MEDIUMZulip events can leak private channel namesEPSS 0.3%CVE-2024-10084MEDIUMContact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via ShortcodeEPSS 0.3%CVE-2025-68279HIGHWeblate has an arbitrary file read via symbolic linksEPSS 0.3%CVE-2026-32266LOWGoogle Cloud Storage for Craft CMS has an Information Disclosure VulnerabilityEPSS 0.3%CVE-2026-20800MEDIUMNotification API Leaks Private Repository Issue Titles After Collaborator Permission RevocationEPSS 0.3%CVE-2021-43937HIGHElcomplus SmartPTT SCADA Server Cross-site Request ForgeryEPSS 0.3%