CWE-402
22 CVEs classified under CWE-402. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-31410 | High | 8.6 | 2021-04-23 | Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via… |
| CVE-2021-31407 | High | 8.6 | 2021-04-23 | Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0… |
| CVE-2025-48383 | High | 8.2 | 2025-05-27 | Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and M… |
| CVE-2021-23264 | High | 8.1 | 2021-12-02 | Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. |
| CVE-2024-29900 | High | 7.5 | 2024-03-29 | Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A… |
| CVE-2022-3596 | High | 7.5 | 2023-09-20 | An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP… |
| CVE-2023-34467 | High | 7.5 | 2023-06-23 | XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation confi… |
| CVE-2025-67745 | High | 7.1 | 2025-12-18 | MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the w… |
| CVE-2024-47146 | Medium | 6.5 | 2024-12-06 | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffin… |
| CVE-2017-8442 | Medium | 6.5 | 2017-07-07 | Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, su… |
| CVE-2021-23263 | Medium | 5.9 | 2021-12-02 | Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). |
| CVE-2025-49618 | Medium | 5.8 | 2025-07-03 | In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint. |
| CVE-2024-0443 | Medium | 5.5 | 2024-01-11 | A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is be… |
| CVE-2023-4569 | Medium | 5.5 | 2023-08-28 | A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause dou… |
| CVE-2025-52925 | Medium | 5.0 | 2025-07-02 | In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. |
| CVE-2022-30231 | Medium | 4.9 | 2022-06-14 | A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon… |
| CVE-2025-55014 | Medium | 4.7 | 2025-08-04 | The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and… |
| CVE-2025-66422 | Medium | 4.3 | 2025-11-30 | Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6… |
| CVE-2023-38509 | Medium | 4.3 | 2023-07-27 | XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10… |
| CVE-2025-32360 | Medium | 4.2 | 2025-04-05 | In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged-in customer… |