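Summary of 66 CVE vulnerabilities in the CWE-538 (File and Path Information Exposure) weakness class, with AI-generated analysis in Chinese.
CWE-538 is a sensitive information disclosure weakness: the product writes sensitive data to a file or directory that is accessible to unauthorized parties. Attackers typically steal the credentials or private data stored there by traversing directories or reading externally accessible resources such as logs and configuration files. Developers should avoid recording sensitive information in logs or temporary files, set strict file permissions so that only authorized users have access, and use encrypted storage instead of saving data in plaintext.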
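```java
// Vulnerable: writes the username and credit card number (CCN) to the log in plaintext
logger.info("Username: " + username + ", CCN: " + ccn);
```

| CVE ID | Title | CVSS | Risk level | Published |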
|---|---|---|---|---|
| CVE-2023-54346 | WordPress plugin Backup Migration 1.2.8 unauthorized database backup download vulnerability — WordPress Plugin Backup Migration | 7.5 | High | 2026-05-05 |
| CVE-2026-7071 | CodeAstro Online Job Portal information disclosure vulnerability — Online Job Portal | 5.3 | Medium | 2026-04-27 |
| CVE-2026-6160 | Code-Projects Simple ChatBox security vulnerability — Simple ChatBox | 5.3 | Medium | 2026-04-13 |
| CVE-2019-25706 | Across DR-810 security vulnerability — DR-810 | 7.5 | High | 2026-04-12 |
| CVE-2026-33705 | Chamilo LMS security vulnerability — chamilo-lms | 5.3 | Medium | 2026-04-10 |
| CVE-2025-36051 | IBM QRadar SIEM security vulnerability — QRadar SIEM | 6.2 | Medium | 2026-03-19 |
| CVE-2016-20024 | ZKTeco ZKTime.Net security vulnerability — ZKTeco ZKTime.Net | 9.8 | Critical | 2026-03-15 |
| CVE-2026-21672 | Veeam Backup And Recovery security vulnerability — Backup and Replication | 7.8 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-2817 | Spring Data Geode security vulnerability — Spring Data Geode | 4.4 | Medium | 2026-02-19 |
| CVE-2020-37104 | ASTPP security vulnerability — ASTPP | 7.5 | High | 2026-02-11 |
| CVE-2025-12059 | Logo j-Platform security vulnerability — Logo j-Platform | 9.8 | Critical | 2026-02-11 |
| CVE-2025-12699 | ZOLL ePCR security vulnerability — ZOLL ePCR IOS Mobile Application | 5.5 | Medium | 2026-02-10 |
| CVE-2025-36058 | IBM Business Automation Workflow security vulnerability — Business Automation Workflow containers | 5.5 | Medium | 2026-01-20 |
| CVE-2026-23838 | Tandoor Recipes security vulnerability — nixpkgs | 7.5 (AI) | High (AI) | 2026-01-19 |
| CVE-2021-4471 | TG8 Firewall security vulnerability — TG8 Firewall | 7.5 | - | 2025-11-14 |
| CVE-2016-15056 | Ubee EVW3226 security vulnerability — Ubee EVW3226 | 9.8 | - | 2025-11-14 |
| CVE-2025-11891 | WordPress plugin Shelf Planner security vulnerability — Shelf Planner Inventory Management for WooCommerce | 5.3 | Medium | 2025-11-11 |
| CVE-2025-46602 | Dell SupportAssist OS Recovery security vulnerability — SupportAssist OS Recovery | 4.4 | Medium | 2025-10-27 |
| CVE-2025-11079 | CampCodes Farm Management System security vulnerability — Farm Management System | 5.3 | Medium | 2025-09-27 |
| CVE-2025-57734 | JetBrains TeamCity security vulnerability — TeamCity | 4.3 | Medium | 2025-08-20 |
| CVE-2025-8452 | Brother Industries multiple products security vulnerability — DCP-L8410CDW | 4.3 | Medium | 2025-08-12 |
| CVE-2024-51977 | Brother Industries Multiple driver installers for Windows security vulnerability — HL-L8260CDN | 5.3 | Medium | 2025-06-25 |
| CVE-2025-20665 | MediaTek Chipsets security vulnerability — MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8196, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8796, MT8797, MT8798, MT8893 | 5.5 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2025-31421 | WordPress plugin Srbtranslatin security vulnerability — Srbtranslatin | 5.8 | Medium | 2025-04-04 |
| CVE-2025-31558 | WordPress plugin TailPress security vulnerability — TailPress | 5.8 | Medium | 2025-04-03 |
| CVE-2025-31550 | WordPress plugin WP-LESS security vulnerability — WP-LESS | 5.8 | Medium | 2025-04-01 |
| CVE-2025-27017 | Apache NiFi security vulnerability — Apache NiFi | 6.5 | - | 2025-03-12 |
| CVE-2025-27150 | Tuleap security vulnerability — tuleap | 5.3 | Medium | 2025-03-04 |
| CVE-2025-22633 | WordPress plugin Give – Divi Donation Modules security vulnerability — Give – Divi Donation Modules | 5.8 | Medium | 2025-02-23 |
| CVE-2025-24689 | WordPress plugin Import and export users and customers security vulnerability — Import and export users and customers | 5.9 | Medium | 2025-01-27 |

CWE-538 (File and Path Information Exposure) is a common weakness category; this platform lists 66 CVE vulnerabilities associated with it.