Total: 1286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21815 | 1 Gallagher | 1 Command Centre | 2025-02-10 | N/A | 9.1 CRITICAL |
|
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.
|
|||||
| CVE-2024-3543 | 1 Progress | 1 Loadmaster | 2025-02-10 | N/A | 6.4 MEDIUM |
|
Use of a reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily decrypted by the attacker; stolen credentials can be used for arbitrary actions to corrupt the system.
|
|||||
| CVE-2024-4536 | 1 Eclipse | 1 Edc Connector | 2025-02-06 | N/A | 6.8 MEDIUM |
|
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault.
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specifi ...
|
|||||
| CVE-2022-26341 | 1 Intel | 3 Active Management Technology Software Development Kit, Endpoint Management Assistant, Manageability Commander | 2025-02-05 | N/A | 8.2 HIGH |
|
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-25760 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 8.8 HIGH |
|
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload.
|
|||||
| CVE-2022-4308 | 1 Secomea | 1 Gatemanager | 2025-02-05 | N/A | 6.1 MEDIUM |
|
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
|
|||||
| CVE-2024-7389 | 1 Incsub | 1 Forminator | 2025-02-05 | N/A | 7.5 HIGH |
|
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.
|
|||||
| CVE-2021-33589 | 1 Ribose | 1 Rnp | 2025-02-04 | N/A | 7.5 HIGH |
|
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.
|
|||||
| CVE-2024-42012 | | | 2025-02-04 | N/A | 5.7 MEDIUM |
|
GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user.
|
|||||
| CVE-2023-28131 | 1 Expo | 1 Expo Software Development Kit | 2025-02-04 | N/A | 9.6 CRITICAL |
|
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
|
|||||
| CVE-2024-53292 | 1 Dell | 1 Vxrail Hyperconverged Infrastructure | 2025-02-04 | N/A | 7.2 HIGH |
|
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.
|
|||||
| CVE-2024-26133 | 1 Kurrent | 1 Eventstoredb | 2025-02-04 | N/A | 5.5 MEDIUM |
|
EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group ca ...
|
|||||
| CVE-2024-28961 | 1 Dell | 1 Openmanage Enterprise | 2025-02-03 | N/A | 6.3 MEDIUM |
|
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.
|
|||||
| CVE-2023-28087 | 1 Hp | 1 Oneview | 2025-02-03 | N/A | 5.5 MEDIUM |
|
An HPE OneView appliance dump may expose OneView user accounts
|
|||||
| CVE-2023-28086 | 1 Hp | 1 Oneview | 2025-02-03 | N/A | 5.5 MEDIUM |
|
An HPE OneView appliance dump may expose proxy credential settings
|
|||||
| CVE-2023-26567 | 1 Sangoma | 1 Freepbx Linux 7 | 2025-02-03 | N/A | 8.1 HIGH |
|
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
|
|||||
| CVE-2023-28090 | 1 Hp | 1 Oneview | 2025-02-03 | N/A | 5.5 MEDIUM |
|
An HPE OneView appliance dump may expose SNMPv3 read credentials
|
|||||
| CVE-2023-28089 | 1 Hp | 1 Oneview | 2025-02-03 | N/A | 7.1 HIGH |
|
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
|
|||||
| CVE-2023-28088 | 1 Hp | 1 Oneview | 2025-02-03 | N/A | 7.8 HIGH |
|
An HPE OneView appliance dump may expose SAN switch administrative credentials
|
|||||
| CVE-2023-28084 | 2 Hp, Hpe | 2 Oneview, Oneview Global Dashboard | 2025-02-03 | N/A | 5.5 MEDIUM |
|
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens
|
|||||
| CVE-2024-57395 | | | 2025-01-31 | N/A | 9.8 CRITICAL |
|
Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.
|
|||||
| CVE-2024-23733 | | | 2025-01-31 | N/A | 7.5 HIGH |
|
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.
|
|||||
| CVE-2023-24506 | 1 Milesight | 2 Ncr/camera, Ncr/camera Firmware | 2025-01-29 | N/A | 7.5 HIGH |
|
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.
|
|||||
| CVE-2024-28971 | 1 Dell | 1 Openmanage Enterprise Update Manager | 2025-01-27 | N/A | 3.5 LOW |
|
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
|
|||||
| CVE-2022-47880 | 1 Jedox | 2 Jedox, Jedox Cloud | 2025-01-27 | N/A | 5.3 MEDIUM |
|
An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function.
|
|||||
| CVE-2025-21111 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
|
Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
|
|||||
| CVE-2025-21102 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
|
Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
|
|||||
| CVE-2023-32988 | 1 Jenkins | 1 Azure Vm Agents | 2025-01-23 | N/A | 4.3 MEDIUM |
|
A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
|||||
| CVE-2023-4538 | 1 Comarch | 1 Erp Xl | 2025-01-23 | N/A | 6.2 MEDIUM |
|
The database access credentials configured during installation are stored in a special table and are encrypted with a shared key that is the same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords.
This issue affects ERP XL: from 2020.2.2 through 2023.2.
|
|||||
| CVE-2023-33000 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-01-23 | N/A | 7.5 HIGH |
|
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.
|
|||||
| CVE-2023-33263 | 1 Wftpd Project | 1 Wftpd | 2025-01-16 | N/A | 7.5 HIGH |
|
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.
|
|||||
| CVE-2025-23040 | | | 2025-01-15 | N/A | 6.6 MEDIUM |
|
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke `git clone` and when Git encounters a ...
|
|||||
| CVE-2024-22345 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | N/A | 6.2 MEDIUM |
|
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192.
|
|||||
| CVE-2022-46142 | 1 Siemens | 202 Ruggedcom Rm1224 Lte(4g) Eu, Ruggedcom Rm1224 Lte(4g) Eu Firmware, Ruggedcom Rm1224 Lte(4g) Nam and 199 more | 2025-01-14 | N/A | 5.7 MEDIUM |
|
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.
|
|||||
| CVE-2023-25740 | 1 Mozilla | 1 Firefox | 2025-01-09 | N/A | 8.8 HIGH |
|
After downloading a Windows `.scf` script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110.
|
|||||
| CVE-2024-29992 | 1 Microsoft | 1 Azure Identity Library For .net | 2025-01-09 | N/A | 5.5 MEDIUM |
|
Azure Identity Library for .NET Information Disclosure Vulnerability
|
|||||
| CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2025-01-08 | N/A | 4.6 MEDIUM |
|
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.
|
|||||
| CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | N/A | 4.3 MEDIUM |
|
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.
|
|||||
| CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | N/A | 4.4 MEDIUM |
|
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.
|
|||||
| CVE-2022-47376 | 1 Bd | 1 Alaris Infusion Central | 2025-01-03 | N/A | 7.3 HIGH |
|
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data.
|
|||||