CWE-212 · Improper Removal of Sensitive Information Before Storage or Transfer
60 CVEs classified under CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-2818 | Critical | 9.8 | 2022-08-15 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. |
CVE-2026-42880 | Critical | 9.6 | 2026-05-07 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing au… |
CVE-2026-32891 | Critical | 9.1 | 2026-03-20 | Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contai… |
CVE-2022-0355 | High | 8.8 | 2022-01-26 | Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. |
CVE-2022-4734 | High | 8.1 | 2022-12-25 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1. |
CVE-2022-1650 | High | 8.1 | 2022-05-12 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. |
CVE-2024-43384 | High | 8.0 | 2026-05-07 | A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. |
CVE-2020-15094 | High | 8.0 | 2020-09-02 | In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests… |
CVE-2026-43824 | High | 7.7 | 2026-05-02 | In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data. |
CVE-2026-34214 | High | 7.7 | 2026-03-31 | Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (acce… |
CVE-2026-42186 | High | 7.5 | 2026-05-14 | OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to… |
CVE-2024-49997 | High | 7.5 | 2024-10-21 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is no… |
CVE-2022-24798 | High | 7.5 | 2022-03-31 | Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in… |
CVE-2017-15113 | High | 7.2 | 2018-07-27 | ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log leve… |
CVE-2026-27892 | Medium | 6.5 | 2026-05-18 | FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-by… |
CVE-2026-43528 | Medium | 6.5 | 2026-05-05 | OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfi… |
CVE-2024-31493 | Medium | 6.0 | 2024-06-03 | An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7… |
CVE-2023-24547 | Medium | 5.9 | 2023-12-05 | On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local… |
CVE-2025-58049 | Medium | 5.8 | 2025-08-28 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1… |
CVE-2026-45046 | Medium | 5.5 | 2026-05-27 | Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite d… |