CWE-922
4 CVEs of this weakness class.
- CVE-2024-48352HIGH 7.5Real · low riskEPSS 0%
Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID.
- CVE-2024-48770HIGH 8.2Real · low riskEPSS 0%
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.
- CVE-2025-45242HIGH 7.7Real · low riskEPSS 0%
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
- CVE-2025-28171MED 6.5EPSS 0%
An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.