CWE-922: CWE-922

This vulnerability allows remote attackers to steal valid user session tokens from localStorage in Alteryx Server, enabling account takeover. Attacker...

This macOS vulnerability allows Remote Login sessions to bypass security controls and obtain full disk access permissions. It affects macOS systems wi...

This vulnerability exposes VCenter credentials in ClusterProvision objects within Hive (part of Multicluster Engine and Advanced Cluster Management). ...

This vulnerability in Intel DCM software allows authenticated local users to access insecurely stored sensitive information, potentially enabling priv...

This vulnerability allows local attackers to execute arbitrary code as the user running opensuse-welcome by exploiting insecure storage of sensitive i...

This vulnerability in Twilight v.13.3 for Android allows unauthorized apps to escalate privileges by manipulating SharedPreference files. Attackers ca...

This vulnerability in Blue Light Filter v1.5.5 for Android allows unauthorized apps to manipulate SharedPreference files, leading to privilege escalat...

This vulnerability in Rhymix CMS allows authenticated administrators to delete arbitrary files on the server through the procFileAdminEditImage method...

This vulnerability in Atos Eviden SMC xScale allows unprivileged users to access sensitive configuration parameters containing credentials after a reb...

An information disclosure vulnerability in Brocade SANnav allows authenticated users to access database structure and contents when configured in disa...

This vulnerability allows unauthenticated attackers to access sensitive exported data files stored in an insecure directory in the Export All Posts pl...

This vulnerability in CMSimple v5.16 allows remote attackers to perform Server-Side Request Forgery (SSRF) attacks through the validate link function....

An access control vulnerability in iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information via the /square/getAllSquare/circle ...

An unauthenticated access control vulnerability in iceCMS v2.2.0 allows attackers to access sensitive information via the /api/squareComment/DelectSqu...

This vulnerability exposes sensitive configuration information from Django settings files when debug mode is enabled. Attackers can trigger verbose er...

This vulnerability in Ruijie Reyee OS allows attackers to correlate device serial numbers with user phone numbers and partial email addresses. It affe...

Paxton Net2 versions before 6.07.14023.5015 (SR4) have insufficient validation of REST API license files, allowing attackers to use the API with inval...

The Everest Backup WordPress plugin exposes sensitive information during backup operations, allowing unauthenticated attackers to discover backup arch...

A misconfiguration vulnerability in Smartplay headunits used in Suzuki and Toyota vehicles allows unauthorized access to sensitive information. This a...

This vulnerability allows attackers to cause a Denial of Service (DoS) in Tormach xsTECH CNC routers by overwriting the card's name in device memory, ...

An unauthenticated attacker can exploit an improper configuration in Mitel MiContact Center Business's legacy chat component to access sensitive infor...

This vulnerability in Thunderbird allows encrypted email subjects to be incorrectly assigned to other cached emails. When replying to contaminated ema...

KiteCMS 1.1 has an incorrect access control vulnerability that allows remote attackers to view sensitive files by manipulating URL paths. This affects...

Brocade SANnav versions before v2.2.0.2 and v2.1.1.8 store SCP server passwords in log files using only Base64 encoding, which provides no real securi...

This vulnerability in JetBrains TeamCity allows environment variables marked as 'password' type to be logged in certain cases, potentially exposing se...

The miniorange_saml extension for TYPO3 before version 1.4.3 exposes sensitive API credentials and private keys, allowing attackers to access authenti...

CVE-2021-22914 is an information disclosure vulnerability in Citrix Cloud Connector where sensitive authentication parameters are stored in plaintext ...

This vulnerability in JetBrains TeamCity exposes Elastic Container Registry (ECR) tokens in build parameters, potentially allowing unauthorized access...

QMS Automotive versions before V12.39 store sensitive application data in insecure external storage via the QMS.Mobile module. This allows attackers w...

CVE-2024-57436 is a session ID exposure vulnerability in RuoYi v4.8.0 that allows unauthorized attackers to view admin session IDs through system moni...

This vulnerability allows an authorized attacker with local access to bypass a security feature in Windows Kerberos by exploiting insecure storage of ...

This vulnerability exposes database connection strings to users with access to the FRSCore database in Foreseer Reporting Software, allowing attackers...

This vulnerability allows local attackers to access sensitive information stored in Samsung's Secure Folder on Android devices. It affects Samsung dev...

An incorrect default permission vulnerability in DiagMonAgent on Samsung Galaxy Watch devices allows local attackers to access sensitive data. This af...

This vulnerability in BAS-IP video intercom devices allows remote attackers to obtain sensitive information via crafted HTTP GET requests. It affects ...

A URL parsing vulnerability in macOS allows attackers in privileged network positions to leak sensitive user information. This affects macOS Ventura a...

CVE-2024-6916 is an information disclosure vulnerability in Zowe CLI that allows local, privileged users to view securely stored properties in clearte...

This vulnerability in the FarCry Core framework allows attackers to access sensitive information stored in the /facade directory without authenticatio...

This vulnerability in Altai IX500 APs allows authenticated attackers to read sensitive files after login, potentially exposing credentials, configurat...

CVE-2025-42979 is a vulnerability in GuiXT application integrated with SAP GUI for Windows where RFC user credentials are stored using weak obfuscatio...

This macOS vulnerability allows applications to access sensitive user data through improper handling of temporary files. It affects macOS systems befo...

This vulnerability in OpenHarmony allows a local attacker to bypass permission checks and perform out-of-bounds reads, potentially leaking sensitive i...

A macOS vulnerability allows applications to access user-sensitive data that should be redacted. This affects macOS users running versions before Sequ...

This vulnerability in Android's MediaProvider allows improper file access across user boundaries due to insufficient input validation in the ensureFil...