CVEs classified under CWE-214, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-12250 — CVSS 7.9 (high): Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus…
CVE-2020-36771 — CVSS 7.8 (high): CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local…
CVE-2021-3859 — CVSS 7.5 (high): A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an…
CVE-2024-4254 — CVSS 7.1 (high): The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets…
CVE-2025-5452 — CVSS 6.6 (medium): A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to…
CVE-2025-1333 — CVSS 6.0 (medium): IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0…
CVE-2025-32987 — CVSS 6.0 (medium): Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module is used, places a cleartext password on a command line…
CVE-2024-28799 — CVSS 5.6 (medium): IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data…
CVE-2025-53860 — CVSS 4.1 (medium): A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security…
CVE-2024-1742 — CVSS 3.8 (low): Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk…
CVE-2026-41357 — CVSS 3.3 (low): OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized…