Skip to main content

CWE-538

Insertion of Sensitive Information into Externally-Accessible File

70 CVEs Avg CVSS 6.3 MITRE
3
CRITICAL
17
HIGH
47
MEDIUM
2
LOW
16
POC
0
KEV

Monthly

CVE-2026-15574 HIGH This Week

Sensitive information disclosure in Red Hat OpenShift AI's vllm-orchestrator-gateway component exposes bearer tokens and full chat payloads because the production binary writes all incoming Authorization headers and complete request bodies to persistent logs. Any user holding logging privileges can read these logs to harvest live credentials and potentially PII-laden conversation content. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Red Hat Openshift Ai Rhoai
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-36372 MEDIUM This Month

IBM Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.4 expose sensitive information through internal monitoring and event tables to authenticated low-privilege local users, a consequence of CWE-538 where sensitive data is inserted into storage locations accessible beyond the intended trust boundary. The CVSS vector confirms local-only attack surface (AV:L) with low-privilege authentication (PR:L) and high confidentiality impact, making this most relevant to insider threat scenarios or post-compromise lateral movement in multi-tenant Db2 environments. No public exploit code exists and the vulnerability is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.

IBM Microsoft Information Disclosure Db2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-50099 MEDIUM CISA This Month

WiFi credential exposure in Naxclow IoT device firmware (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows any attacker with brief physical access to recover host network SSID, PSK, and negotiated WPA keys printed in cleartext to a labeled, production-accessible UART debug console. The UART interface drops to an unauthenticated interactive RT-Thread shell, enabling arbitrary memory reads and full firmware extraction - escalating a credential-theft opportunity into a platform for deeper firmware-level compromise. Reported via CISA ICS-CERT advisory ICSA-26-162-02; no public exploit code identified, though the attack requires only commodity serial hardware and minimal technical knowledge.

Information Disclosure Smart Doorbell X3 X Smart Home V720 Ix Cam
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29114 LOW Monitor

CA root certificate exposure in Dahua IPC devices allows unauthenticated network-based attackers, under specific prerequisite conditions, to retrieve the device's internal CA root certificate. If the obtained certificate is installed and trusted on client systems, the attacker could leverage it to issue fraudulent certificates recognized as valid by those clients, collapsing the integrity of affected certificate trust chains. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and the CVSS 4.0 score of 2.3 reflects the multi-step, user-dependent nature of the full attack chain.

Information Disclosure Dahua
NVD
CVSS 4.0
2.3
EPSS
0.0%
CVE-2019-25717 MEDIUM This Month

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infinity Delta Firmware Delta Xl Firmware Kappa Firmware
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-10254 MEDIUM POC This Month

File and directory information exposure in SourceCodester Pet Grooming Management Software 1.0 allows remote unauthenticated attackers to enumerate internal file and directory structures via the /admin/ endpoint. The root cause is CWE-538 (Deployment of Code to Unauthorized Actors / File and Directory Information Exposure), and a proof-of-concept exploit has been publicly released on GitHub. While not listed in CISA KEV and carrying only low confidentiality impact, the absence of any authentication requirement and the public POC lower the bar for exploitation significantly.

Information Disclosure Pet Grooming Management Software
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-49298 PyPI HIGH PATCH GHSA This Week

Sensitive information disclosure in Apache Airflow versions prior to 3.2.2 exposes JWT authentication tokens via KubernetesExecutor command-line arguments, allowing low-privileged users with process listing access on worker pods to harvest credentials and impersonate workers against the Execution API. The flaw, addressed in PR #60108 alongside a redesign of workload/execution token lifetimes, carries a CVSS 8.8 due to high impact across confidentiality, integrity, and availability. No public exploit has been identified at time of analysis and EPSS sits at 0.02%, suggesting limited mass-exploitation activity.

Apache Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5434 MEDIUM PATCH This Month

Sensitive information disclosure in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows unauthenticated remote attackers to access protected data by probing system file paths that inadvertently receive sensitive writes. The root cause is CWE-538, where the module incorrectly routes sensitive information into directories accessible outside the intended trust boundary. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, its presence in an industrial control system network component elevates the operational consequence of any successful confidentiality breach.

Information Disclosure Honeywell
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-27173 PyPI HIGH PATCH GHSA This Week

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.

Kubernetes Information Disclosure Apache Airflow Cncf Kubernetes Provider
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2023-54346 HIGH POC This Week

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive information disclosure in Red Hat OpenShift AI's vllm-orchestrator-gateway component exposes bearer tokens and full chat payloads because the production binary writes all incoming Authorization headers and complete request bodies to persistent logs. Any user holding logging privileges can read these logs to harvest live credentials and potentially PII-laden conversation content. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Red Hat Openshift Ai Rhoai
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.4 expose sensitive information through internal monitoring and event tables to authenticated low-privilege local users, a consequence of CWE-538 where sensitive data is inserted into storage locations accessible beyond the intended trust boundary. The CVSS vector confirms local-only attack surface (AV:L) with low-privilege authentication (PR:L) and high confidentiality impact, making this most relevant to insider threat scenarios or post-compromise lateral movement in multi-tenant Db2 environments. No public exploit code exists and the vulnerability is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.

IBM Microsoft Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

WiFi credential exposure in Naxclow IoT device firmware (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows any attacker with brief physical access to recover host network SSID, PSK, and negotiated WPA keys printed in cleartext to a labeled, production-accessible UART debug console. The UART interface drops to an unauthenticated interactive RT-Thread shell, enabling arbitrary memory reads and full firmware extraction - escalating a credential-theft opportunity into a platform for deeper firmware-level compromise. Reported via CISA ICS-CERT advisory ICSA-26-162-02; no public exploit code identified, though the attack requires only commodity serial hardware and minimal technical knowledge.

Information Disclosure Smart Doorbell X3 X Smart Home +2
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW Monitor

CA root certificate exposure in Dahua IPC devices allows unauthenticated network-based attackers, under specific prerequisite conditions, to retrieve the device's internal CA root certificate. If the obtained certificate is installed and trusted on client systems, the attacker could leverage it to issue fraudulent certificates recognized as valid by those clients, collapsing the integrity of affected certificate trust chains. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and the CVSS 4.0 score of 2.3 reflects the multi-step, user-dependent nature of the full attack chain.

Information Disclosure Dahua
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infinity Delta Firmware Delta Xl Firmware +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

File and directory information exposure in SourceCodester Pet Grooming Management Software 1.0 allows remote unauthenticated attackers to enumerate internal file and directory structures via the /admin/ endpoint. The root cause is CWE-538 (Deployment of Code to Unauthorized Actors / File and Directory Information Exposure), and a proof-of-concept exploit has been publicly released on GitHub. While not listed in CISA KEV and carrying only low confidentiality impact, the absence of any authentication requirement and the public POC lower the bar for exploitation significantly.

Information Disclosure Pet Grooming Management Software
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sensitive information disclosure in Apache Airflow versions prior to 3.2.2 exposes JWT authentication tokens via KubernetesExecutor command-line arguments, allowing low-privileged users with process listing access on worker pods to harvest credentials and impersonate workers against the Execution API. The flaw, addressed in PR #60108 alongside a redesign of workload/execution token lifetimes, carries a CVSS 8.8 due to high impact across confidentiality, integrity, and availability. No public exploit has been identified at time of analysis and EPSS sits at 0.02%, suggesting limited mass-exploitation activity.

Apache Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Sensitive information disclosure in Honeywell Control Network Module (CNM) versions 100.1 through 110.2 allows unauthenticated remote attackers to access protected data by probing system file paths that inadvertently receive sensitive writes. The root cause is CWE-538, where the module incorrectly routes sensitive information into directories accessible outside the intended trust boundary. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, its presence in an industrial control system network component elevates the operational consequence of any successful confidentiality breach.

Information Disclosure Honeywell
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.

Kubernetes Information Disclosure Apache Airflow Cncf Kubernetes Provider
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy