CVEs classified under CWE-202, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (30)
CVE-2021-32743 — CVSS 8.8 (high): Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data…
CVE-2024-2088 — CVSS 8.5 (high): The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to…
CVE-2025-25205 — CVSS 8.2 (high): Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the…
CVE-2026-33530 — CVSS 7.7 (high): InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations…
CVE-2026-30778 — CVSS 7.5 (high): The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects…
CVE-2025-69200 — CVSS 7.5 (high): phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a…
CVE-2025-36575 — CVSS 7.5 (high): Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An…
CVE-2025-29981 — CVSS 7.5 (high): Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An…
CVE-2024-13255 — CVSS 7.5 (high): Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue…
CVE-2024-6400 — CVSS 7.5 (high): Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat…
CVE-2023-7072 — CVSS 7.5 (high): The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to…
CVE-2022-41623 — CVSS 7.5 (high): Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.
CVE-2023-1625 — CVSS 7.4 (high): An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show'…
CVE-2024-1287 — CVSS 6.5 (medium): The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other…
CVE-2024-38892 — CVSS 6.5 (medium): An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVE-2022-20810 — CVSS 6.5 (medium): A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family…
CVE-2022-20747 — CVSS 6.5 (medium): A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to…
CVE-2023-20215 — CVSS 5.8 (medium): A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote…
CVE-2021-1372 — CVSS 5.5 (medium): A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker…
CVE-2026-3546 — CVSS 5.3 (medium): The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2…
CVE-2026-25050 — CVSS 5.3 (medium): Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the `NativeAuthenticationStrategy.authenticate()` method is…
CVE-2025-64528 — CVSS 5.3 (medium): Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a…
CVE-2024-20388 — CVSS 5.3 (medium): A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote…
CVE-2025-64504 — CVSS 5.0 (medium): Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1…
CVE-2026-42797 — CVSS 4.9 (medium): Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for…
CVE-2021-4159 — CVSS 4.4 (medium): A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be…
CVE-2021-34782 — CVSS 4.3 (medium): A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive…
CVE-2023-0785 — CVSS 3.7 (low): A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an…