CWE-202
21 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-202page 1 of 1
- CVE-2019-19000MEDIUMCVSS 6.5EG 6.52020-04-02
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
- CVE-2019-19091MEDIUMCVSS 4.3EG 4.32020-04-02
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.
- CVE-2021-1372MEDIUMCVSS 5.5EG 5.52021-02-17
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsaf…
- CVE-2021-32743HIGHCVSS 8.8EG 8.82021-07-15
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of…
- CVE-2021-34782MEDIUMCVSS 4.3EG 4.32021-10-06
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability …
- CVE-2021-4159MEDIUMCVSS 4.4EG 4.42022-08-24
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use…
- CVE-2022-20747MEDIUMCVSS 6.5EG 6.52022-04-15
A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization ch…
- CVE-2022-20810MEDIUMCVSS 6.5EG 6.52022-09-30
A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is…
- CVE-2022-41623HIGHCVSS 7.5EG 7.52022-10-14
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.
- CVE-2023-0785LOWCVSS 3.7EG 5.32023-02-12
A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username lea…
- CVE-2023-1625HIGHCVSS 7.4EG 7.42023-09-24
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidenti…
- CVE-2023-20215MEDIUMCVSS 5.8EG 5.82023-08-03
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. …
- CVE-2023-7072HIGHCVSS 7.5EG 7.52024-03-12
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticate…
- CVE-2024-1287MEDIUMCVSS 6.5EG 6.52024-07-30
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector.
- CVE-2024-20388MEDIUMCVSS 5.3EG 5.32024-10-23
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to imprope…
- CVE-2024-2088HIGHCVSS 8.5EG 8.52024-05-22
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated a…
- CVE-2024-38892MEDIUMCVSS 6.5EG 6.52024-06-24
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
- CVE-2024-38895MEDIUMCVSS 5.3EG 5.32024-06-24
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
- CVE-2024-38897MEDIUMCVSS 5.3EG 5.32024-06-24
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
- CVE-2024-6400HIGHCVSS 7.5EG 7.52024-10-04
Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Dat…
- CVE-2026-42797MEDIUMCVSS 4.9EG 0.02026-05-25
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient …
Map vulnerabilities like CWE-202 to your infrastructure
EchelonGraph correlates every CVE — across CWE-202 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →