Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30785 | 2026-03-05 | N/A | N/A | ||
|
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid ...
Show More |
|||||
| CVE-2026-20128 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-03-04 | N/A | 7.5 HIGH |
|
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user ...
Show More |
|||||
| CVE-2025-57796 | 1 Explorance | 1 Blue | 2026-02-05 | N/A | 6.8 MEDIUM |
|
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.
|
|||||
| CVE-2025-27459 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-01-29 | N/A | 4.4 MEDIUM |
|
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.
|
|||||
| CVE-2025-14295 | 2026-01-26 | N/A | N/A | ||
|
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.
|
|||||
| CVE-2025-8307 | 2026-01-08 | N/A | N/A | ||
|
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.
This vulnerability has been fixed in versions 4.50.1 and 5.38.0
|
|||||
| CVE-2025-34180 | 2025-12-15 | N/A | N/A | ||
|
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through th ...
Show More |
|||||
| CVE-2024-32122 | 1 Fortinet | 1 Fortios | 2025-11-18 | N/A | 2.3 LOW |
|
A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.
|
|||||
| CVE-2024-32151 | 2025-11-04 | N/A | 5.9 MEDIUM | ||
|
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
|
|||||
| CVE-2023-31001 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | N/A | 5.1 MEDIUM |
|
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.
|
|||||
| CVE-2025-44958 | 1 Commscope | 1 Ruckus Network Director | 2025-11-03 | N/A | 5.3 MEDIUM |
|
RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
|
|||||
| CVE-2025-35054 | 1 Newforma | 1 Project Center | 2025-10-22 | N/A | 5.3 MEDIUM |
|
Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.
|
|||||
| CVE-2025-40774 | 1 Siemens | 1 Sipass Integrated | 2025-10-16 | N/A | 4.4 MEDIUM |
|
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords.
Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.
|
|||||
| CVE-2025-8904 | 2025-10-14 | N/A | 8.5 HIGH | ||
|
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges.
Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
|
|||||
| CVE-2024-45744 | 1 Topquadrant | 1 Topbraid Edg | 2025-10-02 | N/A | 3.0 LOW |
|
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using ...
Show More |
|||||
| CVE-2025-57789 | 1 Commvault | 1 Commvault | 2025-09-10 | N/A | 5.4 MEDIUM |
|
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
|
|||||
| CVE-2025-0280 | 2025-09-04 | N/A | 7.5 HIGH | ||
|
A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.
|
|||||
| CVE-2025-58049 | 1 Xwiki | 1 Xwiki | 2025-09-02 | N/A | 5.8 MEDIUM |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched ...
Show More |
|||||
| CVE-2024-32042 | 1 Cyberpower | 1 Powerpanel | 2025-07-30 | N/A | 4.9 MEDIUM |
|
The key used to encrypt passwords stored in the database can be found in
the
CyberPower PowerPanel
application code, allowing the passwords to be recovered.
|
|||||
| CVE-2025-6995 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
|
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
|
|||||
| CVE-2025-6996 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
|
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
|
|||||
| CVE-2025-25983 | 1 Macro-video | 1 V380 Pro | 2025-06-25 | N/A | 3.4 LOW |
|
An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component.
|
|||||
| CVE-2024-51552 | 2025-05-23 | N/A | 6.0 MEDIUM | ||
|
Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
|
|||||
| CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 2.1 LOW | 4.9 MEDIUM |
|
Medtronic 2090 CareLink Programmer
uses a per-product username and password that is stored in a recoverable format.
|
|||||
| CVE-2018-10622 | 1 Medtronic | 4 Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more | 2025-05-22 | 1.9 LOW | 4.9 MEDIUM |
|
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
|
|||||
| CVE-2017-9942 | 1 Siemens | 1 Sipass Integrated | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
|
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.
|
|||||
| CVE-2025-24852 | 2025-04-01 | N/A | 4.6 MEDIUM | ||
|
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
|
|||||
| CVE-2024-8774 | 2025-03-27 | N/A | N/A | ||
|
The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator.
This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched.
|
|||||
| CVE-2024-3543 | 1 Progress | 1 Loadmaster | 2025-02-10 | N/A | 6.4 MEDIUM |
|
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.
|
|||||
| CVE-2022-46142 | 1 Siemens | 202 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 199 more | 2025-01-14 | N/A | 5.7 MEDIUM |
|
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.
|
|||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2025-01-03 | N/A | 7.3 HIGH |
|
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.
|
|||||
| CVE-2023-42955 | 1 Claris | 1 Filemaker Server | 2024-12-10 | N/A | 4.9 MEDIUM |
|
Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.
|
|||||
| CVE-2024-6694 | 2024-11-21 | N/A | 2.7 LOW | ||
|
The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be use ...
Show More |
|||||
| CVE-2024-32932 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
|
Under certain circumstances the web interface users credentials may be recovered by an authenticated user.
|
|||||
| CVE-2024-32756 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
|
Under certain circumstances the Linux users credentials may be recovered by an authenticated user.
|
|||||
| CVE-2024-1480 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
|
|||||
| CVE-2023-5627 | 1 Moxa | 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
|
|||||
| CVE-2023-38738 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2024-11-21 | N/A | 6.8 MEDIUM |
|
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.
|
|||||
| CVE-2023-31150 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2024-11-21 | N/A | 8.0 HIGH |
|
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.
See SEL Service Bulletin dated 2022-11-15 for more details.
|
|||||
| CVE-2023-2881 | 1 Pimcore | 1 Customer-data-framework | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
|
|||||