CWE-922: CWE-922

A macOS vulnerability allows malicious applications to access Find My data, which could expose location information and device details. This affects m...

This CVE describes an information disclosure vulnerability in Microsoft Outlook where files attached as links to emails could be accessed by unauthori...

This vulnerability in 4C Strategies Exonaut 21.6 allows attackers to more easily crack user passwords if they gain access to the database, since passw...

OvalEdge versions 5.2.8.0 and earlier expose sensitive user information through an unauthenticated GET request to /user/getUserType. This vulnerabilit...

This vulnerability in Oracle E-Business Suite's Installed Base component allows unauthenticated attackers to read sensitive data via HTTP requests. It...

This vulnerability in WPMU DEV Defender Security WordPress plugin allows attackers to access sensitive information stored in temporary files. It affec...

This CVE describes a speculative execution vulnerability in PAM (Pluggable Authentication Modules) where an attacker can manipulate branch prediction ...

This vulnerability allows attackers with physical access to One2Track smartwatches to retrieve confidential audio recordings stored on the device. The...

This CVE describes an information disclosure vulnerability in F5's GSLB container where authenticated local attackers can access sensitive information...

This vulnerability in the flashc component allows local information disclosure when exploited by a process with System execution privileges. It affect...

This vulnerability in Samsung Exynos processors allows information leakage when a malformed uplink scheduling message is incorrectly handled. It affec...

OvalEdge versions 5.2.8.0 and earlier expose sensitive user data through an authenticated GET request to /user/getUserList. This vulnerability allows ...

The Jenkins Plain Credentials Plugin versions 182.v468b_97b_9dcb_8 and earlier store secret file credentials unencrypted (only Base64 encoded) on the ...

This vulnerability in Brocade Fabric OS web interface exposes encoded session passwords in session storage on Virtual Fabric platforms. It allows auth...

This vulnerability in Cybozu Garoon allows authenticated users to view sensitive Scheduler data they shouldn't have access to. It affects users who ca...

The Custom Field Template WordPress plugin up to version 2.6.1 contains a vulnerability that allows authenticated attackers with contributor-level acc...

A CWE-922 vulnerability in Schneider Electric products allows unauthorized access to sensitive information when a malicious user with physical access ...

This vulnerability allows local attackers to access sensitive information stored insecurely on Galaxy Watch devices. It affects Galaxy Watch users who...

This vulnerability allows an attacker with physical access to an unlocked iOS/iPadOS device to view an image from the most recently viewed locked note...

This vulnerability allows local attackers to access sensitive information stored insecurely in the Emergency SOS feature on Samsung devices. It affect...

This vulnerability in TeleMessage allows attackers to reuse stolen long-lived authentication credentials to gain unauthorized access to the service. I...

The MeetMe mobile application stores sensitive information insecurely, allowing attackers to retrieve embedded data from the app's storage. This affec...