CWE-922
373 CVEs classified under CWE-922. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-12539 | Critical | 10.0 | 2025-11-11 | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due… |
| CVE-2023-32191 | Critical | 9.9 | 2024-10-16 | When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself… |
| CVE-2024-4995 | Critical | 9.8 | 2024-12-18 | Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data int… |
| CVE-2023-29727 | Critical | 9.8 | 2023-05-30 | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related… |
| CVE-2021-42371 | Critical | 9.8 | 2021-11-08 | lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. |
| CVE-2021-27170 | Critical | 9.8 | 2021-02-10 | An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal manag… |
| CVE-2020-8481 | Critical | 9.8 | 2020-04-29 | For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0… |
| CVE-2017-5250 | Critical | 9.8 | 2018-02-22 | In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and… |
| CVE-2017-5249 | Critical | 9.8 | 2018-02-22 | In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encryp… |
| CVE-2024-7569 | Critical | 9.6 | 2024-08-13 | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain th… |
| CVE-2021-28813 | Critical | 9.6 | 2021-09-10 | A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If explo… |
| CVE-2026-33407 | Critical | 9.1 | 2026-03-24 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_P… |
| CVE-2025-8699 | Critical | 9.1 | 2025-09-12 | Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance… |
| CVE-2024-53932 | Critical | 9.1 | 2025-01-06 | The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (… |
| CVE-2024-53931 | Critical | 9.1 | 2025-01-06 | The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place p… |
| CVE-2024-30896 | Critical | 9.1 | 2024-11-21 | InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the a… |
| CVE-2024-10943 | Critical | 9.1 | 2024-11-12 | An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat … |
| CVE-2025-28244 | High | 8.8 | 2025-07-10 | Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localSt… |
| CVE-2023-42913 | High | 8.8 | 2024-03-28 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk acc… |
| CVE-2023-43634 | High | 8.8 | 2023-09-21 | When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configurati… |