CWE-922

373 CVEs classified under CWE-922. Browse by severity and year.

Top CVEs for CWE-922
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-12539 | Critical | 10.0 | 2025-11-11 | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due… |
| CVE-2023-32191 | Critical | 9.9 | 2024-10-16 | When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself… |
| CVE-2024-4995 | Critical | 9.8 | 2024-12-18 | Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data int… |
| CVE-2023-29727 | Critical | 9.8 | 2023-05-30 | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related… |
| CVE-2021-42371 | Critical | 9.8 | 2021-11-08 | lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. |
| CVE-2021-27170 | Critical | 9.8 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal manag… |
| CVE-2020-8481 | Critical | 9.8 | 2020-04-29 | For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0… |
| CVE-2017-5250 | Critical | 9.8 | 2018-02-22 | In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and… |
| CVE-2017-5249 | Critical | 9.8 | 2018-02-22 | In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encryp… |
| CVE-2024-7569 | Critical | 9.6 | 2024-08-13 | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain th… |
| CVE-2021-28813 | Critical | 9.6 | 2021-09-10 | A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If explo… |
| CVE-2026-33407 | Critical | 9.1 | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_P… |
| CVE-2025-8699 | Critical | 9.1 | 2025-09-12 | Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance… |
| CVE-2024-53932 | Critical | 9.1 | 2025-01-06 | The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (… |
| CVE-2024-53931 | Critical | 9.1 | 2025-01-06 | The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place p… |
| CVE-2024-30896 | Critical | 9.1 | 2024-11-21 | InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the a… |
| CVE-2024-10943 | Critical | 9.1 | 2024-11-12 | An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat … |
| CVE-2025-28244 | High | 8.8 | 2025-07-10 | Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localSt… |
| CVE-2023-42913 | High | 8.8 | 2024-03-28 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk acc… |
| CVE-2023-43634 | High | 8.8 | 2023-09-21 | When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configurati… |