CWE-922
385 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-922 (page 7 of 8)
- CVE-2024-5599 | HIGH | CVSS 7.5 | EG 7.5 | 2024-06-07
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible…
- CVE-2024-56113 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-09
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.
- CVE-2024-56947 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56948 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56949 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56950 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56951 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56952 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.
- CVE-2024-56953 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.
- CVE-2024-56954 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56955 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56957 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56959 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56960 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56962 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56963 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56964 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56965 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56966 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56967 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56968 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.
- CVE-2024-56969 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56971 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-56972 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.
- CVE-2024-57436 | HIGH | CVSS 7.2 | EG 7.2 | 2025-01-29
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.
- CVE-2024-57546 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-27
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
- CVE-2024-6295 | LOW | CVSS 3.9 | EG 3.9 | 2024-06-25
udn News Android APP stores the unencrypted user session in the local database when the user logs into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into t…
- CVE-2024-6916 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-07-19
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag.
- CVE-2024-7569 | CRITICAL | CVSS 9.6 | EG 9.6 | 2024-08-13
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
- CVE-2024-8899 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-26
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for …
- CVE-2025-10464 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-09
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the pr…
- CVE-2025-10971 | HIGH | CVSS 8.8 | EG 0.0 | 2025-12-02
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
- CVE-2025-11639 | LOW | CVSS 3.3 | EG 3.3 | 2025-10-12
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensiti…
- CVE-2025-11644 | LOW | CVSS 2.0 | EG 2.0 | 2025-10-12
A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The phy…
- CVE-2025-11645 | LOW | CVSS 2.4 | EG 2.4 | 2025-10-12
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive informatio…
- CVE-2025-12539 | CRITICAL | CVSS 10.0 | EG 10.0 | 2025-11-11
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) i…
- CVE-2025-14376 | HIGH | CVSS 8.6 | EG 0.0 | 2026-01-20
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the …
- CVE-2025-20886 | MEDIUM | CVSS 4.1 | EG 4.1 | 2025-02-04
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
- CVE-2025-20912 | MEDIUM | CVSS 6.2 | EG 6.2 | 2025-03-06
Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.
- CVE-2025-20945 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-04-08
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.
- CVE-2025-21003 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-07-08
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21041 | MEDIUM | CVSS 6.2 | EG 5.5 | 2025-09-03
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
- CVE-2025-21045 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-10-10
Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21098 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-04
OpenHarmony v5.0.2 and prior versions allow a local attacker to cause an information leak through out-of-bounds read bypass permission check.
- CVE-2025-21299 | HIGH | CVSS 7.1 | EG 7.1 | 2025-01-14
Windows Kerberos Security Feature Bypass Vulnerability
- CVE-2025-2157 | LOW | CVSS 3.3 | EG 3.3 | 2025-03-15
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to in…
- CVE-2025-2241 | HIGH | CVSS 8.2 | EG 8.2 | 2025-03-17
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. User…
- CVE-2025-22492 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-02-28
The connection string is visible to users with access to the FRSCore database on the Foreseer Reporting Software (FRS) VM; this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the …
- CVE-2025-22983 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-14
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.
- CVE-2025-22984 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-14
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.