CWE-538
Insertion of Sensitive Info into Externally-Accessible File
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 5 of 5- CVE-2026-50099Medium· 4.620 h ago
During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and d
- CVE-2026-29114—EPSS 0%2 d ago
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients
- CVE-2026-50565Medium· 4.9EPSS 0%2 d ago
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builde
- CVE-2026-46617—EPSS 0%2 d ago
Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
go - CVE-2016-20024Critical· 9.8EPSS 0%4 d ago
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 director
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.