Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-538

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

90 vulnerabilities with CWE-538

CVE-2026-50099 MEDIUM

Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

CVE-2026-50565 MEDIUM

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

CVE-2026-46617 HIGH

Fission < 1.23.0 Runtime Pods - Service Account Token Exposure

CVE-2026-29114 LOW

Dahua Ipc - Insertion of Sensitive Information into Externally-Accessible File or Directory

CVE-2026-10254 MEDIUM

SourceCodester Pet Grooming Management Software admin file information disclosure

CVE-2026-49298 HIGH

Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

CVE-2026-27173 HIGH

Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

CVE-2026-7071 MEDIUM

CodeAstro Online Job Portal user-cvs file information disclosure

CVE-2026-6160 MEDIUM

code-projects Simple ChatBox Endpoint chatbox.sql SimpleChatbox_PHP file information disclosure

CVE-2026-33705 MEDIUM

Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

CVE-2026-21672 HIGH

Veeam Backup & Replication - Privilege Escalation

CVE-2026-2817 MEDIUM

Spring Data Geode - Info Disclosure

CVE-2026-23838 HIGH

Tandoor Recipes <26.05 - Info Disclosure

CVE-2025-36051 MEDIUM

IBM QRadar SIEM Information Disclosure

CVE-2025-52642 LOW

HCL AION is affected by an internal filesystem paths disloser vulnerability

CVE-2025-12059 CRITICAL

Logo j-Platform <3.34.8.9 - Info Disclosure

CVE-2025-12699 MEDIUM

ZOLL ePCR IOS - Stored Cross-Site Scripting in WebView via PCR Field Input

CVE-2025-36058 MEDIUM

IBM Business Automation Workflow <25.0.0-24.0.1 - Info Disclosure

CVE-2025-68429 HIGH

Storybook 7.0.0-7.6.20, 8.0.0-8.6.14, 9.0.0-9.1.16, 10.0.0-10.1.9 - .env File Exposure

CVE-2025-61138 HIGH

Qlik Sense Enterprise <14.212.13 - Info Disclosure

CVE-2025-11891 MEDIUM

Shelf Planner <2.7.0 - Info Disclosure

CVE-2025-46602 MEDIUM

Dell SupportAssist OS Recovery <5.5.15.0 - Info Disclosure

CVE-2025-11079 MEDIUM

Campcodes Farm Management System 1.0 - Info Disclosure

CVE-2025-58458 MEDIUM

Jenkins Git client Plugin <6.3.2 - Info Disclosure

CVE-2025-57734 MEDIUM

JetBrains TeamCity <2025.07.1 - Info Disclosure

Page 1 of 4 Next

Details

Vulnerabilities 90

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy