CWE-209 flaws

370 results
CVE-2024-29059 [HIGH] .NET Framework Information Disclosure Vulnerability (EPSS 98.8%, KEV)
CVE-2025-62168 [CRITICAL] Squid vulnerable to information disclosure via authentication credential leakage in error handling (EPSS 63.3%)
CVE-2013-7331 [MEDIUM] The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathna (EPSS 58.0%, KEV)
CVE-2025-47813 [MEDIUM] loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UI (EPSS 56.4%, KEV)
CVE-2021-30357 SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows p (EPSS 22.8%)
CVE-2024-21733 [MEDIUM] Apache Tomcat: Leaking of unrelated request bodies in default error page (EPSS 14.3%)
CVE-2024-45440 [MEDIUM] core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_co (EPSS 9.3%)
CVE-2022-29266 apisix/jwt-auth may leak secrets in error response (EPSS 7.7%)
CVE-2022-0660 [CRITICAL] Generation of Error Message Containing Sensitive Information in microweber/microweber (EPSS 6.9%)
CVE-2023-20593 An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information (EPSS 5.8%)
CVE-2018-12536 In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that do (EPSS 4.3%)
CVE-2021-22885 A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polym (EPSS 4.2%)
CVE-2024-39719 [HIGH] An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route wit (EPSS 4.1%)
CVE-2023-27587 [HIGH] ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive informatio (EPSS 3.9%)
CVE-2026-29146 [HIGH] Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (EPSS 3.6%)
CVE-2021-25958 [MEDIUM] Generation of Error Message Containing Sensitive Information in Apache OFBiz (EPSS 2.6%)
CVE-2024-44762 [MEDIUM] A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. (EPSS 2.5%)
CVE-2019-7612 A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is s (EPSS 2.4%)
CVE-2024-28939 [HIGH] Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability (EPSS 2.3%)
CVE-2025-9977 [MEDIUM] Improper neutralization of input in Times Software E-PAYROLL (EPSS 2.1%)