Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-538

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

90 vulnerabilities with CWE-538

CVE-2025-8452 MEDIUM

Brother DCP-L8410CDW and MFC-L Series - Sensitive Information Exposure via eSCL/uscan Protocol

CVE-2025-46820 HIGH

phpgt/Dom < 4.1.8 - Exposure of Sensitive Information via GitHub Token in Workflow Artifact

CVE-2025-20665 MEDIUM

Android - Local Information Disclosure via Missing SELinux Policy in devinfo

CVE-2025-31421 MEDIUM

Oblak Studio Srbtranslatin <3.2.0 - Info Disclosure

CVE-2025-31558 MEDIUM

Greg TailPress <0.4.4 - Info Disclosure

CVE-2025-31550 MEDIUM

thom4 WP-LESS <= 1.9.6 - Sensitive Data Exposure via Externally-Accessible File

CVE-2025-25586 MEDIUM

yimioa < 2024-07-04 - Information Disclosure via /resources/application.yml

CVE-2025-27017 MEDIUM

Apache NiFi <2.3.0 - Info Disclosure

CVE-2025-27150 MEDIUM

Tuleap <16.4.99.1740492866, <16.3-11 - Info Disclosure

CVE-2025-22633 MEDIUM

Give - Divi Donation Modules <2.0.0 - Info Disclosure

CVE-2025-24689 MEDIUM

Import and export users and customers <= 1.27.12 - Sensitive Data Exposure via Externally-Accessible File

CVE-2025-22773 MEDIUM

WPChill Htaccess File Editor <1.0.19 - Info Disclosure

CVE-2025-0194 MEDIUM

GitLab CE/EE <17.5.5-17.7.1 - Info Disclosure

CVE-2025-22306 MEDIUM

Link Whisper Free <0.7.7 - Info Disclosure

CVE-2024-51977 MEDIUM

Multiple Brother devices authentication bypass via default administrator password generation

CVE-2024-6880 MEDIUM

MegaBIP < 5.15 - Sensitive Information Exposure via Registered.php

CVE-2024-47580 MEDIUM

SAP NetWeaver AS for JAVA (Adobe Document Services) - Information Disclosure

CVE-2024-47579 MEDIUM

SAP NetWeaver AS for JAVA (Adobe Document Services) - Authenticated Arbitrary File Read via PDF Font Upload/Download

CVE-2024-31954 HIGH

Samsung Portable SSD for T5 <1.6.10 - Privilege Escalation

CVE-2024-22045 HIGH

SINEMA Remote Connect Client < V3.1 SP1 - Info Disclosure

CVE-2024-21501 MEDIUM

sanitize-html < 2.12.1 - Information Exposure via Style Attribute

CVE-2024-22433 HIGH

Dell Data Protection Search 19.2.0+ - Unauthenticated RCE

CVE-2024-0191 MEDIUM

RRJ Nueva Ecija Engineer Online Portal 1.0 - Info Disclosure

CVE-2023-54346 HIGH

WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

CVE-2023-7062 HIGH

Advanced File Manager Shortcodes <2.4 - Path Traversal

Previous Page 2 of 4 Next

Details

Vulnerabilities 90

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy