CWE-922 373 個 CVE MITRE 定義 ↗

CWE-922:Insecure Storage of Sensitive Information

概覽

CWE-922(Insecure Storage of Sensitive Information)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-46511 2026-06-05 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSettin…
CVE-2026-5515 2026-05-27 IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-32751 2026-05-22 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabil…
CVE-2025-32746 2026-05-22 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerab…
CVE-2026-7257 2026-05-12 ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker w…
CVE-2026-40868 2026-04-21 Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno co…
CVE-2026-26152 2026-04-14 Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-5666 2026-04-06 A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler.…
CVE-2026-5650 2026-04-06 A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in i…
CVE-2026-33407 2026-03-24 Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without valida…
CVE-2025-10734 2026-03-23 The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to…
CVE-2026-20629 2026-02-11 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
CVE-2025-10464 2026-02-09 Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: …
CVE-2025-70963 2026-02-06 Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login.…
CVE-2025-14376 2026-01-20 A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been re…
CVE-2025-10971 2025-12-02 Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.
CVE-2025-12539 2025-11-11 The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credenti…
CVE-2025-61482 2025-10-27 Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into a…
CVE-2025-60856 2025-10-20 Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitra…
CVE-2025-11645 2025-10-12 A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to i…

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2013-06-23
版本
2.5

內容修訂

日期 名稱 版本 重要性 評論
2017-11-08 CWE Content Team 3.0 updated Modes_of_Introduction, Relationships
2019-06-20 CWE Content Team 3.3 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Maintenance_Notes
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-10-13 CWE Content Team 4.9 updated Common_Consequences, Relationship_Notes
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2025-12-11 CWE Content Team 4.19 updated Demonstrative_Examples, References, Relationships, Weakness_Ordinalities

貢獻

類型 名稱 日期 評論
Feedback Mathias Millet 2022-07-08 Suggested changes to Common Consequences and Relationship Notes.
cvelogic Threat Intelligence