Vulnerabilities > Insecure Storage of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2022-30361 | Insecure Storage of Sensitive Information vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. | 5.3 |
| 2024-09-26 | CVE-2024-43694 | Insecure Storage of Sensitive Information vulnerability in Gotenna Atak Plugin In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. | 6.5 |
| 2024-09-26 | CVE-2024-45374 | Insecure Storage of Sensitive Information vulnerability in Gotenna The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. | 6.5 |
| 2024-09-26 | CVE-2024-47122 | Insecure Storage of Sensitive Information vulnerability in Gotenna PRO In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). | 6.5 |
| 2024-09-26 | CVE-2024-47197 | Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1 Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. | 7.5 |
| 2024-08-27 | CVE-2024-5288 | Insecure Storage of Sensitive Information vulnerability in Wolfssl An issue was discovered in wolfSSL before 5.7.0. | 5.9 |
| 2024-07-19 | CVE-2024-6916 | Insecure Storage of Sensitive Information vulnerability in Zowe CLI A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag. | 5.5 |
| 2024-06-26 | CVE-2024-29953 | Insecure Storage of Sensitive Information vulnerability in Broadcom Fabric Operating System A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. | 4.3 |
| 2024-06-11 | CVE-2023-6748 | Insecure Storage of Sensitive Information vulnerability in Wpgogo Custom Field Template The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. | 4.3 |
| 2024-06-06 | CVE-2024-5206 | Insecure Storage of Sensitive Information vulnerability in Scikit-Learn A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. | 4.7 |