CWE-598

80 CVEs classified under CWE-598.

Top CVEs for CWE-598
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-69270 | Critical | 9.8 | 2026-01-12 | Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue af… |
| CVE-2023-6014 | Critical | 9.8 | 2023-11-16 | An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement. |
| CVE-2018-14822 | Critical | 9.8 | 2018-10-02 | In Entes EMG12 versions 2.57 and prior, an information exposure through query strings vulnerability in the web interface has been identified, which may allow an at… |
| CVE-2017-3185 | Critical | 9.8 | 2017-12-16 | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests… |
| CVE-2025-69634 | Critical | 9.0 | 2026-02-12 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE… |
| CVE-2025-50110 | High | 8.8 | 2025-09-15 | An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0; the GetHttpsResponse method transmits sen… |
| CVE-2025-57800 | High | 8.8 | 2025-08-22 | Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback U… |
| CVE-2021-36328 | High | 8.8 | 2021-11-30 | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability… |
| CVE-2020-5331 | High | 8.8 | 2020-05-04 | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users' session information could potentially be stored in cache… |
| CVE-2019-18573 | High | 8.8 | 2019-12-18 | The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authent… |
| CVE-2022-22551 | High | 8.3 | 2022-01-21 | DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this… |
| CVE-2025-56551 | High | 8.2 | 2025-10-03 | An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-c… |
| CVE-2024-31206 | High | 8.2 | 2024-04-04 | dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, w… |
| CVE-2021-21594 | High | 8.2 | 2021-08-16 | Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclos… |
| CVE-2026-23846 | High | 8.1 | 2026-01-19 | Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwo… |
| CVE-2019-6531 | High | 8.1 | 2019-04-02 | An attacker could retrieve passwords from an HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.131… |
| CVE-2022-24414 | High | 7.6 | 2022-05-26 | Dell EMC CloudLink 7.1.3 and all earlier versions: Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server… |
| CVE-2026-44883 | High | 7.5 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and… |
| CVE-2026-34020 | High | 7.5 | 2026-04-09 | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and pa… |
| CVE-2026-34969 | High | 7.5 | 2026-04-06 | Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly i… |