Falhas do tipo CWE-922
278 resultadosCVE-2024-23241MEDIUMThis issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4. AEPSS 0.4%CVE-2024-3723MEDIUMAdvanced Contact form 7 DB <= 2.0.2 - Sensitive Information ExposureEPSS 0.4%CVE-2023-42823LOWThe issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 1EPSS 0.4%CVE-2024-5288MEDIUMSafe-error attack on TLS 1.3 ProtocolEPSS 0.4%CVE-2023-5879MEDIUMAladdin Connect Android Application Insecure StorageEPSS 0.4%CVE-2024-38453HIGHThe Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-EPSS 0.4%CVE-2024-39459MEDIUMIn rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoEPSS 0.4%CVE-2019-5625LOWEaton Halo Home Android App Insecure StorageEPSS 0.4%CVE-2024-32236LOWAn issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php compoEPSS 0.4%CVE-2024-29965MEDIUMInsecure backupEPSS 0.4%CVE-2024-3501CRITICALExposure of Sensitive Information in lunary-ai/lunaryEPSS 0.4%CVE-2023-29757HIGHAn issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating thEPSS 0.4%CVE-2023-29755HIGHAn issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPrEPSS 0.4%CVE-2021-25406—Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT dEPSS 0.4%CVE-2025-37100HIGHExposure of Sensitive Information to an Unauthorized User in HPE Aruba Networking Private 5G CoreEPSS 0.4%CVE-2024-39339HIGHA vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguEPSS 0.4%CVE-2024-23217LOWA privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3,EPSS 0.4%CVE-2023-37439MEDIUMReflected Cross Site Scripting in EdgeConnect SD-WAN Orchestrator Web Management InterfaceEPSS 0.4%CVE-2025-28171MEDIUMAn issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cEPSS 0.4%CVE-2024-48783MEDIUMAn issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf componentEPSS 0.4%