CWE-214
20 CVEs classified under CWE-214. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-16837 | High | 7.8 | 2018-10-23 | Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead in undesirable situations such as passphrases credentials… |
| CVE-2019-3869 | High | 7.2 | 2019-03-28 | When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious use… |
| CVE-2024-4254 | High | 7.1 | 2024-06-04 | The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper… |
| CVE-2025-5452 | Medium | 6.6 | 2025-11-11 | A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege es… |
| CVE-2025-1333 | Medium | 6.0 | 2025-05-01 | IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5… |
| CVE-2025-32987 | Medium | 6.0 | 2025-04-15 | Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module is used, places a cleartext password on a command line in EVSearcher. |
| CVE-2024-28799 | Medium | 5.6 | 2024-08-14 | IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local p… |
| CVE-2026-40159 | Medium | 5.5 | 2026-04-10 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio us… |
| CVE-2020-1753 | Medium | 5.0 | 2020-03-16 | A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versi… |
| CVE-2024-39314 | Medium | 4.7 | 2024-07-01 | toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked t… |
| CVE-2021-32638 | Medium | 4.4 | 2021-05-25 | GitHub's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repo… |
| CVE-2025-53860 | Medium | 4.1 | 2025-10-15 | A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) inform… |
| CVE-2025-48709 | Low | 3.8 | 2025-08-07 | BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe th… |
| CVE-2024-1742 | Low | 3.8 | 2024-03-22 | Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24… |
| CVE-2018-17957 | Low | 3.4 | 2018-12-26 | The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing lo… |
| CVE-2026-41357 | Low | 3.3 | 2026-04-23 | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child proce… |
| CVE-2025-59955 | | | 2026-01-05 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 h… |
| CVE-2020-36771 | | | 2024-01-22 | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authe… |
| CVE-2021-3859 | | | 2022-08-26 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out deni… |
| CVE-2020-5422 | | | 2020-10-02 | BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any… |