CWE-598
80 CVEs classified under CWE-598. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-69270 | Critical | 9.8 | 2026-01-12 | Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue af… |
| CVE-2023-6014 | Critical | 9.8 | 2023-11-16 | An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement. |
| CVE-2018-14822 | Critical | 9.8 | 2018-10-02 | Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an at… |
| CVE-2017-3185 | Critical | 9.8 | 2017-12-16 | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests… |
| CVE-2025-69634 | Critical | 9.0 | 2026-02-12 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE… |
| CVE-2025-50110 | High | 8.8 | 2025-09-15 | An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sen… |
| CVE-2025-57800 | High | 8.8 | 2025-08-22 | Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback U… |
| CVE-2021-36328 | High | 8.8 | 2021-11-30 | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability… |
| CVE-2020-5331 | High | 8.8 | 2020-05-04 | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache… |
| CVE-2019-18573 | High | 8.8 | 2019-12-18 | The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authent… |
| CVE-2022-22551 | High | 8.3 | 2022-01-21 | DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this… |
| CVE-2025-56551 | High | 8.2 | 2025-10-03 | An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-c… |
| CVE-2024-31206 | High | 8.2 | 2024-04-04 | dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, w… |
| CVE-2021-21594 | High | 8.2 | 2021-08-16 | Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclos… |
| CVE-2026-23846 | High | 8.1 | 2026-01-19 | Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwo… |
| CVE-2019-6531 | High | 8.1 | 2019-04-02 | An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.131… |
| CVE-2022-24414 | High | 7.6 | 2022-05-26 | Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server… |
| CVE-2026-44883 | High | 7.5 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and… |
| CVE-2026-34020 | High | 7.5 | 2026-04-09 | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and pa… |
| CVE-2026-34969 | High | 7.5 | 2026-04-06 | Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly i… |