CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

Abstraction: Base; Status: Draft

Description

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

Related attack patterns (CAPEC)

CAPEC-95

CVEs mapped to this weakness (59)

page 1 of 3
  • CVE-2016-20024 (Critical, Mar 16, 2026)
    risk 0.64, CVSS 9.8, EPSS 0.01

    ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace…

  • CVE-2025-12059 (Critical, Feb 11, 2026)
    risk 0.64, CVSS 9.8, EPSS 0.00

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Logo j-Platform: from 3.29.6.4…

  • CVE-2026-21672 (High, Mar 12, 2026)
    risk 0.57, CVSS 8.8, EPSS 0.00

    A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

  • CVE-2026-23838 (High, Jan 19, 2026)
    risk 0.57, CVSS not listed, EPSS 0.00

    Tandoor Recipes is a recipe manager that can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may…

  • CVE-2021-4471 (High, Nov 14, 2025)
    risk 0.57, CVSS not listed, EPSS 0.01

    TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and…

  • CVE-2016-15056 (High, Nov 14, 2025)
    risk 0.57, CVSS not listed, EPSS 0.01

    Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local…

  • CVE-2023-7062 (High, Jul 10, 2024)
    risk 0.57, CVSS 8.8, EPSS 0.01

    The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can…

  • CVE-2026-46617 (High, Jun 10, 2026)
    risk 0.50, CVSS not listed, EPSS 0.00

    Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher…

  • CVE-2026-49298 (High, Jun 1, 2026)
    risk 0.50, CVSS 8.8, EPSS 0.00

    A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to…

  • CVE-2026-27173 (High, May 19, 2026)
    risk 0.50, CVSS 8.7, EPSS 0.00

    JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read-only access to Kubernetes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow…

  • CVE-2023-54346 (High, May 5, 2026)
    risk 0.49, CVSS 7.5, EPSS 0.00

    WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and…

  • CVE-2019-25706 (High, Apr 12, 2026)
    risk 0.49, CVSS 7.5, EPSS 0.01

    Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and…

  • CVE-2018-10590 (High, May 15, 2018)
    risk 0.49, CVSS 7.5, EPSS 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…

  • CVE-2016-10399 (High, Jul 27, 2017)
    risk 0.49, CVSS 7.5, EPSS 0.01

    Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.

  • CVE-2024-31954 (High, May 14, 2024)
    risk 0.47, CVSS 7.3, EPSS 0.00

    An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (An attacker…

  • CVE-2024-6880 (Medium, Jan 10, 2025)
    risk 0.45, CVSS not listed, EPSS 0.00

    During the MegaBIP installation process, a user is encouraged to change the default path to the administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an…

  • CVE-2024-47580 (Medium, Dec 10, 2024)
    risk 0.44, CVSS 6.8, EPSS 0.01

    An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no…

  • CVE-2024-47579 (Medium, Dec 10, 2024)
    risk 0.44, CVSS 6.8, EPSS 0.01

    An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve…

  • CVE-2017-16770 (Medium, Feb 27, 2018)
    risk 0.42, CVSS 6.5, EPSS 0.02

    File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other users' sensitive files via the filename parameter.

  • CVE-2024-51977 (Medium, Jun 25, 2025)
    risk 0.41, CVSS 5.3, EPSS 0.77

    An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a…