CWE-316

Cleartext Storage of Sensitive Information in Memory

11 CVEs Avg CVSS 5.7 MITRE
1 CRITICAL | 1 HIGH | 8 MEDIUM | 1 LOW | 0 POC | 0 KEV

CVE-2026-0857 MEDIUM This Month

Cleartext storage of sensitive information in memory (CWE-316) affects both the Meona Client Launcher Component and the Meona Server Component from Mesalvo, exposing confidential data to local privileged attackers. The CVSS vector (AV:L/PR:H/S:C/C:H) indicates that a locally authenticated administrator can read sensitive material - likely credentials or session tokens - directly from process memory, with the changed scope suggesting this exposure can cascade to resources or components beyond the initially compromised process. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Information Disclosure
NVD
CVSS 3.1: 6.0 | EPSS: 0.0%

CVE-2026-24319 MEDIUM This Month

SAP Business One stores sensitive data unencrypted in memory dump files, allowing high-privileged local users with user interaction to extract credentials and other confidential information. An attacker with access to these dumps could leverage the exposed data to perform unauthorized operations and modify company data within the B1 environment. No patch is currently available for this medium-severity vulnerability.

SAP Business One
NVD
CVSS 3.1: 5.8 | EPSS: 0.0%

CVE-2025-60794 npm MEDIUM This Month

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Information Disclosure Couchauth
NVD GitHub
CVSS 3.1: 6.5 | EPSS: 0.0%

CVE-2025-61713 MEDIUM Monitor

A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM. Rated medium severity (CVSS 4.2), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortipam
NVD
CVSS 3.1: 4.2 | EPSS: 0.0%

CVE-2025-4618 MEDIUM Monitor

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Rated medium severity (CVSS 4.4), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Paloalto
NVD
CVSS 4.0: 4.4 | EPSS: 0.0%

CVE-2025-42888 MEDIUM This Month

SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime. This vulnerability has a high impact. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.

Windows Information Disclosure Microsoft SAP
NVD
CVSS 3.1: 5.5 | EPSS: 0.0%

CVE-2025-52579 CRITICAL Act Now

CVE-2025-52579 is a cleartext sensitive data storage vulnerability in Emerson ValveLink Products where cryptographic keys, credentials, or other sensitive information are retained unencrypted in process memory. An unauthenticated remote attacker can exploit this over the network with low complexity to extract sensitive data from memory dumps, core files, or crashed processes, potentially gaining unauthorized access to critical industrial control systems. The CVSS score of 9.4 reflects high confidentiality and integrity impact; however, KEV status, EPSS probability, and active exploitation data are not available in the provided sources, requiring real-time CISA monitoring for confirmation.

Denial Of Service
NVD
CVSS 3.1: 9.4 | EPSS: 0.0%

CVE-2025-50109 HIGH This Week

CVE-2025-50109 affects Emerson ValveLink Products, which store sensitive information in cleartext within accessible resource locations, allowing local attackers without privileges to read confidential data. With a CVSS score of 7.7 and local attack vector, this vulnerability poses a significant confidentiality and integrity risk to industrial control system environments. The vulnerability's KEV status and actual exploitation likelihood should be confirmed with CISA and vendor advisories, as the high CVSS reflects substantial information exposure potential in proximity-based attack scenarios.

Information Disclosure
NVD
CVSS 3.1: 7.7 | EPSS: 0.0%

CVE-2024-24915 MEDIUM This Month

CVE-2024-24915 is a security vulnerability (CVSS 6.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure Smartconsole
NVD
CVSS 3.1: 6.1 | EPSS: 0.0%

CVE-2025-48930 LOW Monitor

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues. Rated low severity (CVSS 2.8). No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1: 2.8 | EPSS: 0.1%
