Total
1286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | 8.4 HIGH |
|
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
|
|||||
| CVE-2022-4693 | 1 Pickplugins | 1 User Verification | 2025-04-02 | N/A | 9.8 CRITICAL |
|
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
|
|||||
| CVE-2023-6259 | 1 Brivo | 4 Acs100, Acs100 Firmware, Acs300 and 1 more | 2025-04-01 | N/A | 7.1 HIGH |
|
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3.
|
|||||
| CVE-2022-46967 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2025-03-31 | N/A | 9.8 CRITICAL |
|
An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.
|
|||||
| CVE-2023-35789 | 1 Rabbitmq-c Project | 1 Rabbitmq-c | 2025-03-30 | N/A | 5.5 MEDIUM |
|
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
|
|||||
| CVE-2025-2908 | 2025-03-28 | N/A | N/A | ||
|
The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files.
|
|||||
| CVE-2025-2277 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.5 HIGH |
|
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.
|
|||||
| CVE-2024-6492 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 7.4 HIGH |
|
Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website.
|
|||||
| CVE-2024-29071 | 2025-03-28 | N/A | 8.8 HIGH | ||
|
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.
|
|||||
| CVE-2022-33954 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2025-03-27 | N/A | 4.6 MEDIUM |
|
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials.
|
|||||
| CVE-2022-43460 | 1 Fujifilm | 1 Driver Distributor | 2025-03-21 | N/A | 7.5 HIGH |
|
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted.
|
|||||
| CVE-2023-24619 | 1 Redpanda | 1 Redpanda | 2025-03-21 | N/A | 5.5 MEDIUM |
|
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12.
|
|||||
| CVE-2025-2311 | 2025-03-21 | N/A | 9.0 CRITICAL | ||
|
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.
|
|||||
| CVE-2024-54471 | 1 Apple | 1 Macos | 2025-03-20 | N/A | 5.5 MEDIUM |
|
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.
|
|||||
| CVE-2022-41564 | 1 Tibco | 2 Hawk, Operational Intelligence Hawk Redtail | 2025-03-20 | N/A | 6.8 MEDIUM |
|
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.
|
|||||
| CVE-2025-25650 | 2025-03-19 | N/A | 9.1 CRITICAL | ||
|
An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication.
|
|||||
| CVE-2023-25191 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 7.5 HIGH |
|
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.
|
|||||
| CVE-2023-23466 | 1 Mediacp | 1 Media Control Panel | 2025-03-19 | N/A | 6.5 MEDIUM |
|
Media CP Media Control Panel latest version. Insufficiently protected credential change.
|
|||||
| CVE-2022-43969 | 1 Ricoh | 154 Im 2500, Im 2500 Firmware, Im 2702 and 151 more | 2025-03-19 | N/A | 9.1 CRITICAL |
|
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
|
|||||
| CVE-2022-38714 | 1 Ibm | 2 Cloud Pak For Data, Datastage | 2025-03-18 | N/A | 4.9 MEDIUM |
|
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.
|
|||||
| CVE-2022-45599 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
|
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password.
|
|||||
| CVE-2024-47805 | 1 Jenkins | 1 Credentials | 2025-03-14 | N/A | 7.5 HIGH |
|
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI.
|
|||||
| CVE-2023-50945 | 3 Ibm, Linux, Microsoft | 4 Aix, Common Licensing, Linux Kernel and 1 more | 2025-03-11 | N/A | 6.2 MEDIUM |
|
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
|
|||||
| CVE-2024-41771 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2025-03-07 | N/A | 7.5 HIGH |
|
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
|
|||||
| CVE-2024-41770 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2025-03-07 | N/A | 7.5 HIGH |
|
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
|
|||||
| CVE-2025-1886 | 2025-03-07 | N/A | N/A | ||
|
Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.
|
|||||
| CVE-2024-44754 | 2025-03-06 | N/A | 6.8 MEDIUM | ||
|
Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB.
|
|||||
| CVE-2023-38548 | 1 Veeam | 1 One | 2025-03-06 | N/A | 4.3 MEDIUM |
|
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
|
|||||
| CVE-2023-37362 | 1 Weintek | 1 Weincloud | 2025-03-06 | N/A | 7.2 HIGH |
|
Weintek Weincloud v0.13.6
could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.
|
|||||
| CVE-2024-12799 | 2025-03-05 | N/A | N/A | ||
|
Insufficiently Protected Credentials
vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,
64 bit allows Privilege Abuse. This vulnerability could allow an
authenticated user to obtain higher privileged user’s sensitive information via
crafted payload.
This issue affects Identity Manager Advanced
Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.
|
|||||
| CVE-2025-25570 | 2025-02-28 | N/A | 9.8 CRITICAL | ||
|
Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials.
|
|||||
| CVE-2025-0760 | 2025-02-26 | N/A | 2.7 LOW | ||
|
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.
|
|||||
| CVE-2023-1574 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-25 | N/A | 6.5 MEDIUM |
|
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
|
|||||
| CVE-2022-26844 | 1 Intel | 1 Single Event Api | 2025-02-25 | N/A | 7.8 HIGH |
|
Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-30296 | 1 Intel | 1 Datacenter Group Event | 2025-02-25 | N/A | 7.5 HIGH |
|
Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access.
|
|||||
| CVE-2024-37362 | 2025-02-20 | N/A | 6.3 MEDIUM | ||
|
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift.
Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation.
|
|||||
| CVE-2022-29507 | 1 Intel | 1 Team Blue | 2025-02-18 | N/A | 5.5 MEDIUM |
|
Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2025-0867 | 2025-02-14 | N/A | 9.9 CRITICAL | ||
|
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.
|
|||||
| CVE-2023-25413 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 7.5 HIGH |
|
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
|
|||||
| CVE-2023-25407 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 7.2 HIGH |
|
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.
|
|||||