38 matches found
CVE-2026-5434
...
USN-8217-1: follow-redirects vulnerabilities
It was discovered that follow-redirects did not properly protect sensitive user information during redirects. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2022-0155 It was discovered that...
Apple macOS security vulnerability
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.3 contained a security vulnerability. This vulnerability stemmed from an improper location for storing sensitive data, which could allow malicious...
EUVD-2024-19966
Malicious code in bioql PyPI...
Google Chrome security vulnerability
Google Chrome is a web browser. v8 is one of the open source JavaScript engines. form is a form state manager. A security vulnerability exists in Google Chrome, which stems from an improper storage implementation that could lead to data disclosure or elevation of privilege...
CVE-2024-22414
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe . Use of the "safe" ta...
CVE-2023-20111
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...
CVE-2021-25358
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...
CVE-2021-26279
Some parameters of the weather module are improperly stored, leaking some sensitive information...
CVE-2024-20489
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...
vivo Alarm clock security vulnerability
vivo Alarm clock is a cell phone alarm clock module from the Chinese company Vivo. A security vulnerability exists in vivo Alarm clock, which originates from improper storage of some parameters of the alarm clock module, leaking some sensitive information...
vivo Weather module security vulnerability
vivo Weather module is a mobile weather service program from the Chinese company Vivo. A security vulnerability exists in vivo Weather module, which stems from improper storage of some parameters in the weather module, leaking some sensitive information...
PT-2024-10899 · Unknown · Weather Module
Name of the Vulnerable Software and Affected Versions: Weather module (affected versions not specified). Description: The issue concerns the improper storage of some parameters within the weather module, leading to the leakage of sensitive information. Recommendations: At the moment, there is no...
CVE-2024-20507
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...
CVE-2024-20507 Cisco Meeting Management Information Disclosure Vulnerability
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...
CVE-2024-7783 Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of...
Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...
CVE-2024-20489
CVE-2024-20489 affects Cisco IOS XR Software running PON Controller, where the storage of unencrypted database credentials in the configuration files allows an authenticated, local attacker with low privileges to view MongoDB credentials. The root cause is improper storage of credentials on the d...