CWE-538 · Insertion of Sensitive Information into Externally-Accessible File or Directory

92 CVEs classified under CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory).

Top CVEs for CWE-538
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-28444 | Critical | 9.9 | 2023-03-24 | angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-s… |
| CVE-2016-20024 | Critical | 9.8 | 2026-03-16 | ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable fil… |
| CVE-2025-12059 | Critical | 9.8 | 2026-02-11 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows E… |
| CVE-2023-46723 | High | 8.9 | 2023-10-31 | lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who know the IMEI reading… |
| CVE-2026-49298 | High | 8.8 | 2026-06-01 | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker contain… |
| CVE-2026-21672 | High | 8.8 | 2026-03-12 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. |
| CVE-2023-7062 | High | 8.8 | 2024-07-10 | The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possibl… |
| CVE-2024-22433 | High | 8.8 | 2024-02-06 | Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remot… |
| CVE-2022-23508 | High | 8.8 | 2023-01-09 | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability i… |
| CVE-2026-27173 | High | 8.7 | 2026-05-19 | JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kubernetes Pods. This could allow users wit… |
| CVE-2022-4318 | High | 7.8 | 2023-09-25 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. |
| CVE-2021-40363 | High | 7.8 | 2022-02-09 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMA… |
| CVE-2021-21250 | High | 7.7 | 2021-01-15 | OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpe… |
| CVE-2024-22045 | High | 7.6 | 2024-03-12 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directori… |
| CVE-2023-54346 | High | 7.5 | 2026-05-05 | WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database ba… |
| CVE-2019-25706 | High | 7.5 | 2026-04-12 | Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive inf… |
| CVE-2020-37104 | High | 7.5 | 2026-02-11 | ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filen… |
| CVE-2025-61138 | High | 7.5 | 2025-11-20 | Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. |
| CVE-2023-4595 | High | 7.5 | 2023-11-23 | An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the serve… |
| CVE-2019-6851 | High | 7.5 | 2019-10-29 | A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions… |