CWE-538 · Insertion of Sensitive Information into Externally-Accessible File or Directory
92 CVEs classified under CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-28444 | Critical | 9.9 | 2023-03-24 | angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-s… |
| CVE-2016-20024 | Critical | 9.8 | 2026-03-16 | ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable fil… |
| CVE-2025-12059 | Critical | 9.8 | 2026-02-11 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows E… |
| CVE-2023-46723 | High | 8.9 | 2023-10-31 | lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who know the IMEI reading… |
| CVE-2026-49298 | High | 8.8 | 2026-06-01 | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker contain… |
| CVE-2026-21672 | High | 8.8 | 2026-03-12 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. |
| CVE-2023-7062 | High | 8.8 | 2024-07-10 | The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possibl… |
| CVE-2024-22433 | High | 8.8 | 2024-02-06 | Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remot… |
| CVE-2022-23508 | High | 8.8 | 2023-01-09 | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability i… |
| CVE-2026-27173 | High | 8.7 | 2026-05-19 | JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kubernetes Pods. This could allow users wit… |
| CVE-2022-4318 | High | 7.8 | 2023-09-25 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. |
| CVE-2021-40363 | High | 7.8 | 2022-02-09 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMA… |
| CVE-2021-21250 | High | 7.7 | 2021-01-15 | OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpe… |
| CVE-2024-22045 | High | 7.6 | 2024-03-12 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directori… |
| CVE-2023-54346 | High | 7.5 | 2026-05-05 | WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database ba… |
| CVE-2019-25706 | High | 7.5 | 2026-04-12 | Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive inf… |
| CVE-2020-37104 | High | 7.5 | 2026-02-11 | ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filen… |
| CVE-2025-61138 | High | 7.5 | 2025-11-20 | Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. |
| CVE-2023-4595 | High | 7.5 | 2023-11-23 | An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the serve… |
| CVE-2019-6851 | High | 7.5 | 2019-10-29 | A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions… |