Vulnerabilities > Insecure Storage of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-03 | CVE-2024-12082 | Insecure Storage of Sensitive Information vulnerability in Openatom Openharmony in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 5.5 |
| 2024-11-15 | CVE-2022-20939 | A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. | 4.3 |
| 2024-11-14 | CVE-2024-3501 | Insecure Storage of Sensitive Information vulnerability in Lunary In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. | 8.1 |
| 2024-11-14 | CVE-2024-3502 | Insecure Storage of Sensitive Information vulnerability in Lunary In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. | 8.1 |
| 2024-11-06 | CVE-2024-34677 | Insecure Storage of Sensitive Information vulnerability in Samsung Android 12.0/13.0/14.0 Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate. | 3.3 |
| 2024-11-06 | CVE-2024-10028 | Insecure Storage of Sensitive Information vulnerability in Everestthemes Everest Backup The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. | 7.5 |
| 2024-11-01 | CVE-2024-48353 | Insecure Storage of Sensitive Information vulnerability in Yealink Meeting Server Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. | 7.5 |
| 2024-10-28 | CVE-2024-44257 | Insecure Storage of Sensitive Information vulnerability in Apple Macos This issue was addressed with improved redaction of sensitive information. | 5.5 |
| 2024-10-28 | CVE-2024-44222 | Insecure Storage of Sensitive Information vulnerability in Apple Macos This issue was addressed with improved redaction of sensitive information. | 3.3 |
| 2024-10-25 | CVE-2022-30359 | Insecure Storage of Sensitive Information vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. | 4.3 |