43 matches found
CVE-2026-5434
...
USN-8217-1: follow-redirects vulnerabilities
It was discovered that follow-redirects did not properly protect sensitive user information during redirects. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2022-0155 It was discovered that...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.3 contained a security vulnerability. This vulnerability stemmed from an improper location for storing sensitive data, which could allow malicious...
EUVD-2024-19966
Malicious code in bioql PyPI...
Google Chrome 安全漏洞
Google Chrome is a web browser. v8 is one of the open source JavaScript engines. form is a form state manager. A security vulnerability exists in Google Chrome, which stems from an improper storage implementation that could lead to data disclosure or elevation of privilege...
CVE-2024-22414
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe . Use of the "safe" ta...
CVE-2023-20111
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...
CVE-2021-25358
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...
CVE-2021-26279
Some parameters of the weather module are improperly stored, leaking some sensitive information...
The vulnerability of Oracle Communications’ Order and Service Management system, related to improper storage of permissions, allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of Oracle Communications Order and Service Management system is related to improper storage of permissions. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...
CVE-2024-20489
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...
The vulnerability of the Zabbix universal monitoring system, related to improper storage of permissions, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Zabbix universal monitoring system is related to improper storage of permissions. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2021-26279
Some parameters of the weather module are improperly stored, leaking some sensitive information...
vivo Weather modeule 安全漏洞
vivo Weather modeule is a mobile weather service program from the Chinese company Vivo. A security vulnerability exists in vivo Weather modeule, which stems from improper storage of some parameters in the weather module, leaking some sensitive information...
vivo Alarm clock 安全漏洞
vivo Alarm clock is a cell phone alarm clock module from the Chinese company Vivo. A security vulnerability exists in vivo Alarm clock, which originates from improper storage of some parameters of the alarm clock module, leaking some sensitive information...
PT-2024-10899 · Unknown · Weather Module
Name of the Vulnerable Software and Affected Versions: Weather module affected versions not specified Description: The issue concerns the improper storage of some parameters within the weather module, leading to the leakage of sensitive information. Recommendations: At the moment, there is no...
CVE-2024-20507
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...
CVE-2024-20507 Cisco Meeting Management Information Disclosure Vulnerability
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...
CVE-2024-7783 Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT JSON Web Token used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of...
CVE-2024-7783 Improper Storage of Sensitive Information in Bearer Token in mintplex-labs/anything-llm
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT JSON Web Token used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of...