CWE-202 (Exposure of Sensitive Information Through Data Queries) — Vulnerability Class 25

25 vulnerabilities classified as CWE-202 (Exposure of Sensitive Information Through Data Queries). AI Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-30778 | Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. — Apache SkyWalking | 7.5 | - | 2026-04-15 |
| CVE-2026-33530 | InvenTree Vulnerable to ORM Filter Injection — InvenTree | 7.7 | High | 2026-03-26 |
| CVE-2026-3546 | e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action — e-shot | 5.3 | Medium | 2026-03-21 |
| CVE-2026-25050 | Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy — vendure | 3.7 (AI) | Low (AI) | 2026-01-30 |
| CVE-2025-64528 | Users are able to find users by name even when `enable_names` is off — discourse | 5.3 | - | 2025-12-30 |
| CVE-2025-69200 | phpMyFAQ has unauthenticated config backup download via /api/setup/backup — phpMyFAQ | 7.5 | High | 2025-12-29 |
| CVE-2025-64504 | Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs — langfuse | 5.0 | Medium | 2025-11-10 |
| CVE-2025-59352 | Dragonfly allows arbitrary file read and write on a peer machine — dragonfly | 8.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-36575 | Dell Wyse Management Suite WMS security vulnerability — Wyse Management Suite | 7.5 | High | 2025-06-10 |
| CVE-2025-29981 | Dell Wyse Management Suite security vulnerability — Wyse Management Suite | 7.5 | High | 2025-04-02 |
| CVE-2025-25205 | Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching — audiobookshelf | 8.2 | High | 2025-02-12 |
| CVE-2024-13255 | RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019 — RESTful Web Services | 5.3 | - | 2025-01-09 |
| CVE-2024-20388 | Cisco Firepower Management Center security vulnerability — Cisco Firepower Management Center | 5.3 | Medium | 2024-10-23 |
| CVE-2024-2088 | NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure — NextScripts: Social Networks Auto-Poster | 8.5 | High | 2024-05-22 |
| CVE-2023-7072 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint — Post Grid | 7.5 | High | 2024-03-12 |
| CVE-2023-1625 | Information leak in api — openstack-heat | 7.4 | High | 2023-09-24 |
| CVE-2023-20215 | Cisco Secure Web Appliance security vulnerability — Cisco Secure Web Appliance | 5.8 | Medium | 2023-08-03 |
| CVE-2023-0785 | SourceCodester Best Online News Portal check_availability.php information exposure — Best Online News Portal | 3.7 | Low | 2023-02-12 |
| CVE-2022-41623 | WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability — ALD - AliExpress Dropshipping and Fulfillment for WooCommerce (WordPress plugin) | 7.5 | High | 2022-10-14 |
| CVE-2022-20810 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure Vulnerability — Cisco IOS XE Software | 6.5 | Medium | 2022-09-30 |
| CVE-2021-4159 | Linux kernel security vulnerability — kernel | 5.5 | - | 2022-08-24 |
| CVE-2022-20747 | Cisco SD-WAN vManage Software Information Disclosure Vulnerability — Cisco SD-WAN vManage | 6.5 | Medium | 2022-04-15 |
| CVE-2021-34782 | Cisco DNA Center Information Disclosure Vulnerability — Cisco Digital Network Architecture Center (DNA Center) | 4.3 | Medium | 2021-10-06 |
| CVE-2021-32743 | Passwords used to access external services inadvertently exposed through API — icinga2 | 8.8 | High | 2021-07-15 |
| CVE-2021-1372 | Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows Shared Memory Information Disclosure Vulnerability — Cisco Webex Productivity Tools | 5.5 | Medium | 2021-02-17 |

25 CVEs are classified as CWE-202 (Exposure of Sensitive Information Through Data Queries). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.