Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1603 | 2 Fedoraproject, Opensc-project | 2 Fedora, Opensc | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
|
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
|
|||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
|
|||||
| CVE-2009-1466 | 1 Klinzmann | 1 Application Access Server | 2025-04-09 | 2.1 LOW | 5.5 MEDIUM |
|
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2025-04-09 | 5.0 MEDIUM | 9.8 CRITICAL |
|
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
|
|||||
| CVE-2009-0152 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2008-6157 | 1 Sepcity | 1 Classified Ads | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.
|
|||||
| CVE-2009-0964 | 1 Xlinesoft | 1 Phprunner | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
|
|||||
| CVE-2010-0225 | 1 Sandisk | 2 Cruzer Enterprise, Cruzer Enterprise Firmware | 2025-04-09 | 4.6 MEDIUM | N/A |
|
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
|
|||||
| CVE-2025-23215 | 2025-04-04 | N/A | N/A | ||
|
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net. ...
Show More |
|||||
| CVE-2024-51993 | 1 Combodo | 1 Itop | 2025-04-04 | N/A | 3.4 LOW |
|
Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application.
### Patches
Sanitize parameter
### References
N°7631 - Password is stored in clear in the database.
|
|||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2025-04-03 | 1.9 LOW | 5.5 MEDIUM |
|
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
|
|||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2002-1800 | 1 Phprank | 1 Phprank | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
|
|||||
| CVE-2001-1537 | 1 Symfony | 1 Twig | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
|
|||||
| CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
|
|||||
| CVE-2001-1481 | 1 Xitami | 1 Xitami | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
|
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
|
|||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
|
|||||
| CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
|
|||||
| CVE-2005-1828 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2025-04-03 | 7.5 HIGH | 7.5 HIGH |
|
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2025-04-02 | N/A | 5.5 MEDIUM |
|
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2023-24450 | 1 Jenkins | 1 View-cloner | 2025-04-02 | N/A | 6.5 MEDIUM |
|
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
|
|||||
| CVE-2023-24442 | 1 Jenkins | 1 Github Pull Request Coverage Status | 2025-04-02 | N/A | 5.5 MEDIUM |
|
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2023-24439 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | N/A | 5.5 MEDIUM |
|
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2025-2922 | 2025-04-01 | 1.2 LOW | 2.0 LOW | ||
|
A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosur ...
Show More |
|||||
| CVE-2025-0418 | 2025-04-01 | N/A | N/A | ||
|
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
|
|||||
| CVE-2025-25758 | 1 Kukufm | 1 Kukufm | 2025-04-01 | N/A | 7.5 HIGH |
|
An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml
|
|||||
| CVE-2024-28065 | 2025-03-28 | N/A | 5.9 MEDIUM | ||
|
In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.
|
|||||
| CVE-2025-2909 | 2025-03-28 | N/A | N/A | ||
|
The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.
|
|||||
| CVE-2022-48073 | 1 Phicomm | 2 K2, K2 Firmware | 2025-03-28 | N/A | 7.5 HIGH |
|
Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext.
|
|||||
| CVE-2022-48071 | 1 Phicomm | 2 K2, K2 Firmware | 2025-03-28 | N/A | 7.5 HIGH |
|
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
|
|||||
| CVE-2022-45897 | 1 Xerox | 2 Workcentre 3550, Workcentre 3550 Firmware | 2025-03-28 | N/A | 6.5 MEDIUM |
|
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.
|
|||||
| CVE-2024-21993 | 1 Netapp | 1 Snapcenter | 2025-03-27 | N/A | 5.7 MEDIUM |
|
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability
which could allow an authenticated attacker to discover plaintext
credentials.
|
|||||
| CVE-2020-36248 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 2.1 LOW | 3.9 LOW |
|
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
|
|||||
| CVE-2024-20292 | 1 Cisco | 1 Duo Authentication For Windows Logon And Rdp | 2025-03-24 | N/A | 4.4 MEDIUM |
|
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.
|
|||||
| CVE-2019-16638 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-03-18 | N/A | 7.5 HIGH |
|
An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1.
|
|||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2025-03-14 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password.
|
|||||
| CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-03-13 | N/A | 5.5 MEDIUM |
|
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.
|
|||||
| CVE-2024-41716 | 1 Idec | 2 Windldr, Windo\/i-nv4 | 2025-03-13 | N/A | 8.1 HIGH |
|
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
|
|||||
| CVE-2024-23584 | 2025-03-13 | N/A | 6.6 MEDIUM | ||
|
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry.
|
|||||
| CVE-2025-2189 | 2025-03-11 | N/A | N/A | ||
|
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.
|
|||||