VYPR

CWE-922

Insecure Storage of Sensitive Information

ClassIncomplete

Description

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (144)

page 6 of 8
  • CVE-2024-3678MedApr 26, 2024
    risk 0.27cvss 5.3epss 0.01

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.

  • CVE-2024-3733MedApr 25, 2024
    risk 0.27cvss 5.3epss 0.01

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(),…

  • CVE-2024-2974MedApr 9, 2024
    risk 0.27cvss 5.3epss 0.01

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated…

  • CVE-2025-32746MedMay 22, 2026
    risk 0.26cvss 4.0epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.

  • CVE-2025-43203MedSep 15, 2025
    risk 0.26cvss 4.0epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.

  • CVE-2024-6295LowJun 25, 2024
    risk 0.25cvss 3.9epss 0.00

    udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided…

  • CVE-2025-2157LowMar 15, 2025
    risk 0.21cvss 3.3epss 0.00

    A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege…

  • CVE-2024-49201MedDec 18, 2024
    risk 0.21cvss 4.3epss 0.00

    Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level.

  • CVE-2024-44200LowDec 12, 2024
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.

  • CVE-2024-44222LowOct 28, 2024
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to read sensitive location information.

  • CVE-2024-40832LowJul 29, 2024
    risk 0.21cvss 3.3epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.

  • CVE-2024-35311LowMay 29, 2024
    risk 0.21cvss 3.3epss 0.00

    Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.

  • CVE-2024-23232LowMar 8, 2024
    risk 0.21cvss 3.3epss 0.00

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen.

  • CVE-2024-23217LowJan 23, 2024
    risk 0.21cvss 3.3epss 0.00

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. An app may be able to bypass certain Privacy preferences.

  • CVE-2023-6460MedDec 4, 2023
    risk 0.19cvss 4.0epss 0.00

    A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version…

  • CVE-2025-11645LowOct 12, 2025
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack…

  • CVE-2024-54485LowDec 12, 2024
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.

  • CVE-2020-10368LowNov 10, 2024
    risk 0.16cvss 3.5epss 0.00

    Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack.

  • CVE-2025-11644LowOct 12, 2025
    risk 0.13cvss 2.0epss 0.00

    A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the…

  • CVE-2021-27850Apr 15, 2021
    risk 0.11cvss epss 0.94

    A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of…