Skip to main content

CWE-219

Storage of File with Sensitive Data Under Web Root

3 CVEs Avg CVSS 7.7 MITRE
0
CRITICAL
2
HIGH
1
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2024-56159 npm HIGH POC PATCH This Week

Astro is a web framework for content-driven websites. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Astro
NVD GitHub
CVSS 4.0
7.8
EPSS
1.5%
CVE-2024-39776 HIGH This Week

Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Outpost Uploader Utility Outpost 0810 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2022-36306 MEDIUM POC This Month

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Astro is a web framework for content-driven websites. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Astro
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Outpost Uploader Utility Outpost 0810 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy