| Severity | Description | ||||||
|---|---|---|---|---|---|---|---|
| CVE-2026-46511 | High | 8.7 v4 | 0.3% | - | -No fix available yet | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSettings` endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens (including the `jwt`, `user_token`, `site_token`, and `appstore_token`) into a global JavaScript variable (`window.appSettings`). An attacker can exploit the XSS vulnerability to force a victim's browser to silently fetch their specific connection settings, extract the tokens, and exfiltrate them to an attacker-controlled webhook. Version 26.0.0 patches the issue. |
| CVE-2026-5515 | Medium | 5.5 v3 | 0.1% | - | Fix available | 2026-05-27 | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2026-7257 | Medium | 4.4 v3 | 0.1% | - | -No fix available yet | 2026-05-12 | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file. |
| CVE-2026-40868 | High | 8.1 v3 | 0.3% | - | Fix available | 2026-04-21 | Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount token to an attacker-controlled endpoint (confused deputy). Namespaced policies are blocked from servicecall usage by the namespaced urlPath gate in pkg/engine/apicall/apiCall.go, so this report is scoped to ClusterPolicy and global context usage. This vulnerability is fixed in 1.16.4. |
| CVE-2026-26152 | High | 7.0 v3 | 0.2% | - | Fix available | 2026-04-14 | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-5666 | Medium | 5.3 v3 | 0.3% | - | -No fix available yet | 2026-04-06 | A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performed from remote. The exploit is now public and may be used. |
| CVE-2026-5650 | Medium | 5.3 v3 | 0.3% | - | -No fix available yet | 2026-04-06 | A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used. |
| CVE-2026-33407 | Critical | 9.1 v3 | 0.4% | - | Fix available | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search terms, which can be controlled by attackers to trigger outbound requests to arbitrary domains. This issue has been patched in version 4.7.0. |
| CVE-2025-10734 | Medium | 5.3 v3 | 0.2% | - | -No fix available yet | 2026-03-23 | The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated attackers to extract sensitive data including user names, emails, phone numbers, addresses. |
| CVE-2026-20629 | Medium | 5.5 v3 | 0.1% | - | Fix available | 2026-02-11 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data. |
| CVE-2025-10464 | Medium | 6.5 v3 | 0.2% | - | -No fix available yet | 2026-02-09 | Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology. |
| CVE-2025-70963 | High | 7.6 v3 | 0.3% | - | -No fix available yet | 2026-02-06 | Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context. |
| CVE-2025-14376 | Unscored | - | 0.1% | - | -No fix available yet | 2026-01-20 | A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024. |
| CVE-2025-10971 | Unscored | - | 0.1% | - | -No fix available yet | 2025-12-02 | Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5. |
| CVE-2025-12539 | Critical | 10.0 v3 | 1.0% | - | -No fix available yet | 2025-11-11 | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment. |
| CVE-2025-61482 | High | 7.2 v3 | 0.1% | - | -No fix available yet | 2025-10-27 | Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets, enabling generation of valid one-time passwords, and bypassing authentication for enrolled accounts. |
| CVE-2025-60856 | Medium | 6.8 v3 | 0.3% | - | -No fix available yet | 2025-10-20 | Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity." |
| CVE-2025-11645 | Low | 2.4 v3 | 0.2% | - | -No fix available yet | 2025-10-12 | A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-11644 | Low | 2.0 v3 | 0.3% | - | -No fix available yet | 2025-10-12 | A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-11639 | Low | 3.3 v3 | 0.2% | - | -No fix available yet | 2025-10-12 | A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-21045 | Medium | 4.0 v3 | 0.1% | - | -No fix available yet | 2025-10-10 | Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-35054 | Medium | 5.3 v3 | 0.1% | - | -No fix available yet | 2025-10-09 | Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources. |
| CVE-2025-34189 | High | 7.8 v3 | 0.2% | - | Fix available | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor a |
| CVE-2025-43203 | Medium | 4.0 v3 | 0.2% | - | Fix available | 2025-09-15 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note. |
| CVE-2025-8699 | Critical | 9.1 v3 | 0.7% | - | -No fix available yet | 2025-09-12 | Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods. |
| CVE-2025-54083 | Unscored | - | 0.2% | - | -No fix available yet | 2025-09-09 | Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE. |
| CVE-2025-21041 | Medium | 6.2 v3 | 0.1% | - | Fix available | 2025-09-03 | Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. |
| CVE-2025-53507 | Medium | 6.5 v3 | 0.3% | - | -No fix available yet | 2025-08-29 | Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]. |
| CVE-2025-25732 | Medium | 6.8 v3 | 0.3% | - | -No fix available yet | 2025-08-26 | Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root. |
| CVE-2025-46660 | Medium | 5.3 v3 | 0.3% | - | -No fix available yet | 2025-08-06 | An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt. |
| CVE-2025-37110 | Medium | 6.0 v3 | 0.1% | - | -No fix available yet | 2025-07-31 | A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information. |
| CVE-2025-28171 | Medium | 6.5 v3 | 0.4% | - | -No fix available yet | 2025-07-29 | An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi. |
| CVE-2025-28244 | High | 8.8 v3 | 0.5% | - | -No fix available yet | 2025-07-10 | Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover |
| CVE-2025-21003 | Medium | 4.0 v3 | 0.1% | - | -No fix available yet | 2025-07-08 | Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-42979 | Medium | 5.6 v3 | 0.1% | - | -No fix available yet | 2025-07-08 | The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application |
| CVE-2025-37100 | High | 7.7 v3 | 0.4% | - | -No fix available yet | 2025-06-10 | A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information. |
| CVE-2025-48929 | Medium | 4.0 v3 | 0.3% | - | -No fix available yet | 2025-05-28 | The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary. |
| CVE-2024-13954 | Medium | 6.5 v3 | 0.2% | - | -No fix available yet | 2025-05-22 | Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| CVE-2025-45242 | High | 7.7 v3 | 0.4% | - | -No fix available yet | 2025-05-05 | Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. |
| CVE-2025-46627 | High | 8.2 v3 | 0.4% | - | -No fix available yet | 2025-05-01 | Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address. |
| CVE-2025-2440 | Medium | 4.2 v3 | 0.2% | - | -No fix available yet | 2025-04-09 | CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode. |
| CVE-2025-29809 | High | 7.1 v3 | 4.0% | - | Fix available | 2025-04-08 | Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. |
| CVE-2025-20945 | Medium | 4.0 v3 | 0.1% | - | -No fix available yet | 2025-04-08 | Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch. |
| CVE-2025-2489 | Unscored | - | 0.2% | - | -No fix available yet | 2025-03-18 | Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json. |
| CVE-2025-2241 | High | 8.2 v3 | 0.5% | - | -No fix available yet | 2025-03-17 | A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation. |
| CVE-2025-2157 | Low | 3.3 v3 | 0.1% | - | -No fix available yet | 2025-03-15 | A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively. |
| CVE-2025-20912 | Medium | 6.2 v3 | 0.1% | - | -No fix available yet | 2025-03-06 | Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch. |
| CVE-2025-21098 | Medium | 5.5 v3 | 0.2% | - | -No fix available yet | 2025-03-04 | in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check. |
| CVE-2025-22492 | Medium | 6.3 v3 | 0.2% | - | -No fix available yet | 2025-02-28 | The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS. |
| CVE-2024-12315 | High | 7.5 v3 | 0.5% | - | Fix available | 2025-02-12 | The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data. |
- HighCVSS 8.7 v4·EPSS 0.3%·No fix yet
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSettings` endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover. The API dynamically leaks the active session's authentication tokens (including the `jwt`, `user_token`, `site_token`, and `appstore_token`) into a global JavaScript variable (`window.appSettings`). An attacker can exploit the XSS vulnerability to force a victim's browser to silently fetch their specific connection settings, extract the tokens, and exfiltrate them to an attacker-controlled webhook. Version 26.0.0 patches the issue.
Published 2026-06-05
- MediumCVSS 5.5 v3·EPSS 0.1%·Fix available
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Published 2026-05-27
- MediumCVSS 4.4 v3·EPSS 0.1%·No fix yet
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.
Published 2026-05-12
- HighCVSS 8.1 v3·EPSS 0.3%·Fix available
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because context.apiCall.service.url is policy-controlled, this can send the kyverno serviceaccount token to an attacker-controlled endpoint (confused deputy). Namespaced policies are blocked from servicecall usage by the namespaced urlPath gate in pkg/engine/apicall/apiCall.go, so this report is scoped to ClusterPolicy and global context usage. This vulnerability is fixed in 1.16.4.
Published 2026-04-21
- HighCVSS 7.0 v3·EPSS 0.2%·Fix available
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
Published 2026-04-14
- MediumCVSS 5.3 v3·EPSS 0.3%·No fix yet
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performed from remote. The exploit is now public and may be used.
Published 2026-04-06
- MediumCVSS 5.3 v3·EPSS 0.3%·No fix yet
A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Published 2026-04-06
- CriticalCVSS 9.1 v3·EPSS 0.4%·Fix available
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search terms, which can be controlled by attackers to trigger outbound requests to arbitrary domains. This issue has been patched in version 4.7.0.
Published 2026-03-24
- MediumCVSS 5.3 v3·EPSS 0.2%·No fix yet
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated attackers to extract sensitive data including user names, emails, phone numbers, addresses.
Published 2026-03-23
- MediumCVSS 5.5 v3·EPSS 0.1%·Fix available
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
Published 2026-02-11
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.
Published 2026-02-09
- HighCVSS 7.6 v3·EPSS 0.3%·No fix yet
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.
Published 2026-02-06
- UnscoredCVSS -·EPSS 0.1%·No fix yet
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
Published 2026-01-20
- UnscoredCVSS -·EPSS 0.1%·No fix yet
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
Published 2025-12-02
- CriticalCVSS 10.0 v3·EPSS 1.0%·No fix yet
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment.
Published 2025-11-11
- HighCVSS 7.2 v3·EPSS 0.1%·No fix yet
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets, enabling generation of valid one-time passwords, and bypassing authentication for enrolled accounts.
Published 2025-10-27
- MediumCVSS 6.8 v3·EPSS 0.3%·No fix yet
Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain restrictions on users privately connecting serial port cables" and because "the root user has a password and it meets the requirements of password security complexity."
Published 2025-10-20
- CVSS 2.4 v3·EPSS 0.2%·No fix yet
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2025-10-12
- CVSS 2.0 v3·EPSS 0.3%·No fix yet
A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2025-10-12
- CVSS 3.3 v3·EPSS 0.2%·No fix yet
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2025-10-12
- MediumCVSS 4.0 v3·EPSS 0.1%·No fix yet
Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.
Published 2025-10-10
- MediumCVSS 5.3 v3·EPSS 0.1%·No fix yet
Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.
Published 2025-10-09
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor a
Published 2025-09-19
- MediumCVSS 4.0 v3·EPSS 0.2%·Fix available
The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.
Published 2025-09-15
- CriticalCVSS 9.1 v3·EPSS 0.7%·No fix yet
Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods.
Published 2025-09-12
- UnscoredCVSS -·EPSS 0.2%·No fix yet
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
Published 2025-09-09
- MediumCVSS 6.2 v3·EPSS 0.1%·Fix available
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
Published 2025-09-03
- MediumCVSS 6.5 v3·EPSS 0.3%·No fix yet
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Published 2025-08-29
- MediumCVSS 6.8 v3·EPSS 0.3%·No fix yet
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
Published 2025-08-26
- MediumCVSS 5.3 v3·EPSS 0.3%·No fix yet
An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
Published 2025-08-06
- MediumCVSS 6.0 v3·EPSS 0.1%·No fix yet
A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Published 2025-07-31
- MediumCVSS 6.5 v3·EPSS 0.4%·No fix yet
An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.
Published 2025-07-29
- HighCVSS 8.8 v3·EPSS 0.5%·No fix yet
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
Published 2025-07-10
- MediumCVSS 4.0 v3·EPSS 0.1%·No fix yet
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
Published 2025-07-08
- MediumCVSS 5.6 v3·EPSS 0.1%·No fix yet
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user�s windows registry could recreate the original password. There is no impact on integrity or availability of the application
Published 2025-07-08
- HighCVSS 7.7 v3·EPSS 0.4%·No fix yet
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.
Published 2025-06-10
- MediumCVSS 4.0 v3·EPSS 0.3%·No fix yet
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.
Published 2025-05-28
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
Published 2025-05-22
- HighCVSS 7.7 v3·EPSS 0.4%·No fix yet
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
Published 2025-05-05
- HighCVSS 8.2 v3·EPSS 0.4%·No fix yet
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address.
Published 2025-05-01
- MediumCVSS 4.2 v3·EPSS 0.2%·No fix yet
CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode.
Published 2025-04-09
- HighCVSS 7.1 v3·EPSS 4.0%·Fix available
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
Published 2025-04-08
- MediumCVSS 4.0 v3·EPSS 0.1%·No fix yet
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.
Published 2025-04-08
- UnscoredCVSS -·EPSS 0.2%·No fix yet
Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.
Published 2025-03-18
- HighCVSS 8.2 v3·EPSS 0.5%·No fix yet
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.
Published 2025-03-17
- CVSS 3.3 v3·EPSS 0.1%·No fix yet
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.
Published 2025-03-15
- MediumCVSS 6.2 v3·EPSS 0.1%·No fix yet
Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.
Published 2025-03-06
- MediumCVSS 5.5 v3·EPSS 0.2%·No fix yet
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.
Published 2025-03-04
- MediumCVSS 6.3 v3·EPSS 0.2%·No fix yet
The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS.
Published 2025-02-28
- HighCVSS 7.5 v3·EPSS 0.5%·Fix available
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/smack_uci_uploads/exports/ directory which can contain information like exported user data.
Published 2025-02-12
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.