CWE-540
29 CVEs classified under CWE-540. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-39250 | High | 7.8 | 2023-08-16 | Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV… |
CVE-2021-28805 | High | 7.8 | 2021-06-11 | Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows at… |
CVE-2026-45728 | High | 7.5 | 2026-05-26 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode… |
CVE-2026-4155 | High | 7.5 | 2026-04-11 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to dis… |
CVE-2025-49182 | High | 7.5 | 2025-06-12 | Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the a… |
CVE-2024-1272 | High | 7.5 | 2024-06-05 | Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue a… |
CVE-2024-38327 | Medium | 6.8 | 2025-07-10 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could… |
CVE-2026-35383 | Medium | 6.5 | 2026-04-02 | Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate… |
CVE-2021-34638 | Medium | 6.5 | 2021-08-05 | Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file info… |
CVE-2025-0923 | Medium | 5.3 | 2025-06-11 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in… |
CVE-2024-35144 | Medium | 5.3 | 2025-01-25 | IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. |
CVE-2024-2265 | Medium | 5.3 | 2024-03-07 | A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.s… |
CVE-2023-30802 | Medium | 5.3 | 2023-10-10 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can… |
CVE-2023-23448 | Medium | 5.3 | 2023-05-15 | Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 a… |
CVE-2021-34744 | Medium | 4.9 | 2021-10-06 | Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login c… |
CVE-2021-34757 | Medium | 4.9 | 2021-10-06 | Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login c… |
CVE-2026-22275 | Medium | 4.4 | 2026-01-23 | Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulne… |
CVE-2025-36299 | Medium | 4.3 | 2025-11-17 | IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system. |
CVE-2024-27257 | Medium | 4.3 | 2024-09-10 | IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users. |
CVE-2024-39729 | Medium | 4.3 | 2024-07-15 | IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be us… |