| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization. |
| During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. |
| An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function. |
| Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. |
| During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. |
| An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. |
| HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
|
| SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application. |
| CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized
access of confidential data when a malicious user, having physical access and advanced information on the file
system, sets the radio in factory default mode. |
| Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. |
| Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen. |
| Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. |
| Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. |
| A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. |
| A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508. |
| When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127. |
| This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data. |
| Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json. |
