
CWE-922 (Insecure Storage of Sensitive Information) — Vulnerability Class (96 CVEs)

96 vulnerabilities classified as CWE-922 (Insecure Storage of Sensitive Information). AI Chinese analysis included.

CWE-922 covers the case where an application stores sensitive information (credentials, session or API tokens, personally identifiable information) in a location whose read or write access is not restricted to the actors that legitimately need it. When read access is too broad, an attacker who can reach the storage location, whether a world-readable file, a web-served directory, an unauthenticated database backup or a debug log, obtains the data directly. When write access is too broad, the attacker can alter or delete the stored records, producing incorrect results or a denial of service. Mitigation is mostly about the storage location itself: create secret-bearing files with restrictive permissions (mode 0600 on POSIX systems) rather than relying on the process umask, keep them out of web-served and backup-exposed paths, encrypt data at rest with keys held outside the data store, and verify ownership and permissions before trusting a stored secret. Periodic audits for world-readable or web-reachable secret files catch regressions before an attacker does.
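As an added illustration (example code written for this page, not taken from the page or from any product listed below), the Python script contrasts the typical defect with a hardened storage routine. `store_insecure()` writes a credential file through the process umask, which with the common default of 022 leaves it world-readable (the read-access half of CWE-922). `store_secure()` creates the file with mode 0600 via `os.open`, publishes it atomically with `os.replace`, and attaches an HMAC tag so an unauthorised modification is detected on read (the write-access half). `load_secure()` refuses a file whose mode or owner is too permissive before it even parses the contents. The integrity key, file names and sample credential are constructed for the example; in a deployment the key would come from a KMS or OS keyring, never from the same directory as the data.

```python
"""CWE-922 storage example: insecure vs. hardened credential file handling."""
import hashlib
import hmac
import json
import os
import stat
import tempfile

# Hypothetical key for the tamper check, constructed for this example only.
# A real deployment keeps it outside the data directory (KMS, keyring, env).
_INTEGRITY_KEY = b"example-integrity-key-not-for-production"


def store_insecure(path, secrets):
    """The defect: mode is left to the umask, so 022 yields a 0644 file."""
    with open(path, "w") as fh:
        json.dump(secrets, fh)


def store_secure(path, secrets):
    """Hardened variant: explicit 0600, atomic publish, integrity tag."""
    body = json.dumps(secrets, sort_keys=True).encode()
    tag = hmac.new(_INTEGRITY_KEY, body, hashlib.sha256).hexdigest()
    payload = json.dumps({"tag": tag, "body": body.decode()}).encode()
    tmp = path + ".tmp"
    # O_EXCL plus an explicit 0600 mode: no window in which a half-written or
    # wrongly-permissioned file is visible, and the umask can only tighten it.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, payload)
    finally:
        os.close(fd)
    os.replace(tmp, path)


def file_is_private(path):
    """True only for a regular file owned by us with no group/other bits set."""
    st = os.stat(path)
    return (stat.S_ISREG(st.st_mode)
            and (st.st_mode & 0o077) == 0
            and st.st_uid == os.getuid())


def load_secure(path):
    """Read a secret file, refusing one that others could read or modify."""
    if not file_is_private(path):
        raise PermissionError(f"{path}: mode or owner too permissive")
    with open(path, "rb") as fh:
        wrapper = json.loads(fh.read())
    body = wrapper["body"].encode()
    expected = hmac.new(_INTEGRITY_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, wrapper["tag"]):
        raise ValueError(f"{path}: integrity tag mismatch, file was modified")
    return json.loads(body)


def demo():
    """Run both paths in a scratch directory and report what happened."""
    # Constructed sample credential; not a real secret.
    secrets = {"db_user": "app", "db_password": "correct horse battery staple"}
    workdir = tempfile.mkdtemp()
    results = {}
    old_umask = os.umask(0o022)  # the common default umask
    try:
        bad = os.path.join(workdir, "creds-insecure.json")
        store_insecure(bad, secrets)
        results["insecure_mode"] = oct(stat.S_IMODE(os.stat(bad).st_mode))
        results["insecure_private"] = file_is_private(bad)

        good = os.path.join(workdir, "creds-secure.json")
        store_secure(good, secrets)
        results["secure_mode"] = oct(stat.S_IMODE(os.stat(good).st_mode))
        results["roundtrip"] = load_secure(good)

        # Simulate an unauthorised write: edit the stored password in place.
        with open(good, "r+b") as fh:
            data = fh.read().replace(b"correct horse", b"incorrect horse")
            fh.seek(0)
            fh.write(data)
            fh.truncate()
        try:
            load_secure(good)
            results["tamper_detected"] = False
        except ValueError:
            results["tamper_detected"] = True
    finally:
        os.umask(old_umask)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The permission check in `load_secure()` is the same policy OpenSSH applies to private key files: a secret that anyone else could have read is treated as already compromised, and a secret anyone else could have written is treated as untrusted. The HMAC only detects modification; it does not replace encryption at rest, which still needs a key held outside the data store.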

MITRE CWE Description
The product stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.
Common Consequences (2)
Confidentiality: Read Application Data, Read Files or Directories
Attackers can read sensitive information by accessing the unrestricted storage mechanism.
Integrity: Modify Application Data, Modify Files or Directories
Attackers can overwrite sensitive information by accessing the unrestricted storage mechanism.
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
Listed CVEs (30 of 96 shown). An "(AI)" marker reproduces the page's own AI tag on that score or severity; "-" means the page gives no severity.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40868 | kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token | kyverno | 8.1 | High | 2026-04-21 |
| CVE-2026-26152 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Windows 10 Version 1607 | 7.0 | High | 2026-04-14 |
| CVE-2026-5666 | code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information | Online FIR System | 5.3 | Medium | 2026-04-06 |
| CVE-2026-5650 | code-projects Online Application System for Admission oas.sql sensitive information | Online Application System for Admission | 5.3 | Medium | 2026-04-06 |
| CVE-2025-10734 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | 5.3 | Medium | 2026-03-23 |
| CVE-2025-10464 | Cleartext password storage in Birtech Information Technologies' Sensaway | Senseway | 6.5 | Medium | 2026-02-09 |
| CVE-2025-14376 | Verve Asset Manager – Plaintext Storage Vulnerabilities | Verve Asset Manager | 6.5 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-10971 | Insecure Storage of Sensitive Information | MeetMe | 6.5 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-12539 | TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover | TNC Toolbox: Web Performance | 10.0 | Critical | 2025-11-11 |
| CVE-2025-11645 | Tomofun Furbo Mobile App Authentication Token sensitive information | Furbo Mobile App | 2.4 | Low | 2025-10-12 |
| CVE-2025-11644 | Tomofun Furbo 360/Furbo Mini UART sensitive information | Furbo 360 | 2.0 | Low | 2025-10-12 |
| CVE-2025-11639 | Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information | Furbo 360 | 3.3 | Low | 2025-10-12 |
| CVE-2025-35054 | Newforma Info Exchange (NIX) insufficiently protected credentials | Project Center | 5.3 | Medium | 2025-10-09 |
| CVE-2025-8699 | KioSoft Stored Value Unattended Payment Solutions security vulnerability | Stored Value Unattended Payment Solution | 8.1 | - | 2025-09-12 |
| CVE-2025-54083 | Calix GigaCenter ONT firmware - Sensitive Information Disclosure | GigaCenter ONT | 9.8 (AI) | Critical (AI) | 2025-09-09 |
| CVE-2025-53507 | Multiple iND products security vulnerability | HL330-DLS (for module MC7700) | 6.5 | - | 2025-08-29 |
| CVE-2025-37110 | Sensitive Credential Information stored insecurely in System Database | HPE Telco Network Function Virtual Orchestrator | 6.0 | Medium | 2025-07-31 |
| CVE-2025-42979 | Insecure Key & Secret Management vulnerability in SAP GUI for Windows | SAP GUI for Windows | 5.6 | Medium | 2025-07-08 |
| CVE-2025-48929 | TeleMessage security vulnerability | service | 4.0 | Medium | 2025-05-28 |
| CVE-2024-13954 | Serialization / Deserialization of configuration data | ASPECT-Enterprise | 6.5 | Medium | 2025-05-22 |
| CVE-2025-2440 | Schneider Electric Trio Q Licensed Data Radio security vulnerability | Trio Q Licensed Data Radio | 4.2 | Medium | 2025-04-09 |
| CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability | Windows 10 Version 1507 | 7.1 | High | 2025-04-08 |
| CVE-2025-2489 | Insecure storage of sensitive information in NTFS Tool | Ntfs tool | 5.5 | - | 2025-03-18 |
| CVE-2025-2241 | Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm | | 8.2 | High | 2025-03-17 |
| CVE-2025-2157 | Foreman: disclosure of executed commands and outputs in foreman / red hat satellite | Satellite Server | 3.3 | Low | 2025-03-15 |
| CVE-2025-21098 | Liteos-A has an insecure storage of sensitive information vulnerability | OpenHarmony | 5.5 | Medium | 2025-03-04 |
| CVE-2025-22492 | Insecure storage of connection strings in FRS | Foreseer Reporting Software (FRS) | 6.3 | Medium | 2025-02-28 |
| CVE-2024-12315 | Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory | Export All Posts, Products, Orders, Refunds & Users | 7.5 | High | 2025-02-12 |
| CVE-2024-55931 | Token stored in session storage | Xerox Workplace Suite | 6.5 | Medium | 2025-01-27 |
| CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability | Windows 10 Version 1507 | 7.1 | High | 2025-01-14 |

Vulnerabilities classified as CWE-922 (Insecure Storage of Sensitive Information) represent 96 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.