Skip to main content

CWE-921

Storage of Sensitive Data in a Mechanism without Access Control

6 CVEs Avg CVSS 6.8 MITRE
1
CRITICAL
2
HIGH
3
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-30016 CRITICAL Act Now

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-24843 MEDIUM This Month

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-24870 MEDIUM This Month

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft SAP Privilege Escalation Windows
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2024-5206 PyPI MEDIUM PATCH This Month

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. Rated medium severity (CVSS 4.7).

Information Disclosure Scikit Learn
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-41965 HIGH This Week

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2665 PHP HIGH PATCH This Week

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
EPSS 0% CVSS 9.8
CRITICAL Act Now

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft SAP Privilege Escalation +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. Rated medium severity (CVSS 4.7).

Information Disclosure Scikit Learn
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy