CVEs classified under CWE-922, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-12539 — CVSS 10.0 (critical): The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including…
CVE-2023-32191 — CVSS 9.9 (critical): When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of…
CVE-2023-29727 — CVSS 9.8 (critical): The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its…
CVE-2021-27170 — CVSS 9.8 (critical): An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity…
CVE-2020-8481 — CVSS 9.8 (critical): For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0…
CVE-2021-28813 — CVSS 9.6 (critical): A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running…
CVE-2025-8699 — CVSS 9.1 (critical): Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to…
CVE-2024-30896 — CVSS 9.1 (critical): InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with…
CVE-2024-10943 — CVSS 9.1 (critical): An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and…
CVE-2025-10971: Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue…
CVE-2025-28244 — CVSS 8.8 (high): Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session…
CVE-2023-42913 — CVSS 8.8 (high): This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to…
CVE-2017-7253 — CVSS 8.8 (high): Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a…
CVE-2025-14376: A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in…
CVE-2025-46627 — CVSS 8.2 (high): Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by…
CVE-2025-2241 — CVSS 8.2 (high): A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter…
CVE-2024-37144 — CVSS 8.2 (high): Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x…
CVE-2024-48770 — CVSS 8.2 (high): An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update…
CVE-2022-44619 — CVSS 8.2 (high): Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially…
CVE-2026-40868 — CVSS 8.1 (high): Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper…
CVE-2024-3501 — CVSS 8.1 (high): In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use…
CVE-2024-22773 — CVSS 8.1 (high): Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in…
CVE-2023-31150 — CVSS 8.0 (high): A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL…
CVE-2023-32184 — CVSS 7.8 (high): A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user…
CVE-2023-29757 — CVSS 7.8 (high): An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating…
CVE-2023-29755 — CVSS 7.8 (high): An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the…
CVE-2020-8482 — CVSS 7.8 (high): Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low…
CVE-2025-45242 — CVSS 7.7 (high): Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in…
CVE-2024-42018 — CVSS 7.7 (high): An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved…
CVE-2024-29968 — CVSS 7.7 (high): An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in…
CVE-2020-5262 — CVSS 7.7 (high): In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like…
CVE-2023-45859 — CVSS 7.6 (high): In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client…
CVE-2024-12315 — CVSS 7.5 (high): The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all…
CVE-2024-57546 — CVSS 7.5 (high): An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
CVE-2025-22984 — CVSS 7.5 (high): An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access…
CVE-2025-22983 — CVSS 7.5 (high): An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive…
CVE-2024-56113 — CVSS 7.5 (high): Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django…
CVE-2024-47043 — CVSS 7.5 (high): Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the…
CVE-2024-48939 — CVSS 7.5 (high): Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with…
CVE-2024-10028 — CVSS 7.5 (high): The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive…
CVE-2024-48353 — CVSS 7.5 (high): Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the…
CVE-2024-48352 — CVSS 7.5 (high): Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with…
CVE-2024-48783 — CVSS 7.5 (high): An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf…
CVE-2024-47197 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype…
CVE-2024-39339 — CVSS 7.5 (high): A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This…
CVE-2024-5598 — CVSS 7.5 (high): The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4…
CVE-2024-5599 — CVSS 7.5 (high): The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all…
CVE-2024-22808 — CVSS 7.5 (high): An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the…
CVE-2024-28069 — CVSS 7.5 (high): A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to…