Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35117 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-10 | N/A | 4.4 MEDIUM |
|
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
|
|||||
| CVE-2022-48310 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 5.5 MEDIUM |
|
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.
|
|||||
| CVE-2025-22896 | 1 Myscada | 1 Mypro | 2025-03-04 | N/A | 8.6 HIGH |
|
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
|
|||||
| CVE-2023-25596 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | N/A | 4.5 MEDIUM |
|
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
|
|||||
| CVE-2024-13843 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | N/A | 6.0 MEDIUM |
|
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
|
|||||
| CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | N/A | 8.6 HIGH |
|
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.
|
|||||
| CVE-2023-31423 | 1 Broadcom | 1 Brocade Sannav | 2025-02-13 | N/A | 5.7 MEDIUM |
|
Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs.
|
|||||
| CVE-2023-0614 | 1 Samba | 1 Samba | 2025-02-13 | N/A | 6.5 MEDIUM |
|
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
|
|||||
| CVE-2024-49800 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
|
IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user.
|
|||||
| CVE-2024-53651 | | | 2025-02-11 | N/A | 4.6 MEDIUM |
|
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 ...
|
|||||
| CVE-2024-45718 | | | 2025-02-11 | N/A | 4.6 MEDIUM |
|
Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data.
|
|||||
| CVE-2023-26593 | 1 Yokogawa | 8 B/m9000 Vp, B/m9000cs, Centum Cs 1000 and 5 more | 2025-02-10 | N/A | 7.8 HIGH |
|
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers with the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1) An attacker has obtained ...
|
|||||
| CVE-2023-22949 | 1 Tigergraph | 2 Cloud, Tigergraph Enterprise | 2025-02-07 | N/A | 4.9 MEDIUM |
|
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.
|
|||||
| CVE-2023-30531 | 1 Jenkins | 1 Consul Kv Builder | 2025-02-07 | N/A | 6.5 MEDIUM |
|
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.
|
|||||
| CVE-2023-30530 | 1 Jenkins | 1 Consul Kv Builder | 2025-02-07 | N/A | 4.3 MEDIUM |
|
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2023-30528 | 1 Jenkins | 1 Wso2 Oauth | 2025-02-07 | N/A | 6.5 MEDIUM |
|
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.
|
|||||
| CVE-2023-30527 | 1 Jenkins | 1 Wso2 Oauth | 2025-02-07 | N/A | 4.3 MEDIUM |
|
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2023-30523 | 1 Jenkins | 1 Report Portal | 2025-02-07 | N/A | 4.3 MEDIUM |
|
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
|
|||||
| CVE-2023-29480 | 1 Ribose | 1 Rnp | 2025-02-04 | N/A | 7.5 HIGH |
|
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.
|
|||||
| CVE-2023-31043 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-02-04 | N/A | 7.5 HIGH |
|
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.
|
|||||
| CVE-2024-29952 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 5.5 MEDIUM |
|
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.
|
|||||
| CVE-2024-29956 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 6.5 MEDIUM |
|
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.
|
|||||
| CVE-2023-29471 | 1 Lightbend | 1 Alpakka Kafka | 2025-01-31 | N/A | 5.5 MEDIUM |
|
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
|
|||||
| CVE-2025-0142 | | | 2025-01-30 | N/A | 4.3 MEDIUM |
|
Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.
|
|||||
| CVE-2023-24586 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | N/A | 6.5 MEDIUM |
|
Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product.
|
|||||
| CVE-2023-20914 | 1 Google | 1 Android | 2025-01-24 | N/A | 5.5 MEDIUM |
|
In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-189942529
|
|||||
| CVE-2023-32983 | 1 Jenkins | 1 Ansible | 2025-01-23 | N/A | 5.3 MEDIUM |
|
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
|
|||||
| CVE-2023-32982 | 1 Jenkins | 1 Ansible | 2025-01-23 | N/A | 4.3 MEDIUM |
|
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
|
|||||
| CVE-2024-46505 | | | 2025-01-23 | N/A | 9.1 CRITICAL |
|
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
|
|||||
| CVE-2024-52525 | 1 Nextcloud | 1 Nextcloud Server | 2025-01-23 | N/A | 1.8 LOW |
|
Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
|
|||||
| CVE-2023-28345 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | N/A | 4.6 MEDIUM |
|
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines.
|
|||||
| CVE-2025-23027 | | | 2025-01-13 | N/A | N/A |
|
next-forge is a Next.js project boilerplate for modern web applications. The BASEHUB_TOKEN was committed in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.
|
|||||
| CVE-2023-28713 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | N/A | 8.1 HIGH |
|
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user.
|
|||||
| CVE-2023-27706 | 1 Bitwarden | 1 Bitwarden | 2025-01-06 | N/A | 7.1 HIGH |
|
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
|
|||||
| CVE-2023-27370 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 5.7 MEDIUM |
|
NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An ...
|
|||||
| CVE-2024-55196 | | | 2025-01-02 | N/A | 7.5 HIGH |
|
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.
|
|||||
| CVE-2024-9802 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2024-12-19 | N/A | 5.3 MEDIUM |
|
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
|
|||||
| CVE-2024-9798 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2024-12-19 | N/A | 9.0 CRITICAL |
|
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
|
|||||
| CVE-2024-51175 | | | 2024-12-18 | N/A | 7.5 HIGH |
|
An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component.
|
|||||
| CVE-2024-55582 | | | 2024-12-11 | N/A | 5.7 MEDIUM |
|
Oxide before 6 has unencrypted Control Plane datastores.
|
|||||