Total: 155 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-45702 | | | 2025-07-25 | N/A | 6.5 MEDIUM |
SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext. | |||||
CVE-2025-52164 | | | 2025-07-22 | N/A | 8.2 HIGH |
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. | |||||
CVE-2025-53669 | 1 Jenkins | 1 Vaddy | 2025-07-18 | N/A | 4.3 MEDIUM |
Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
CVE-2025-53665 | 1 Jenkins | 1 Apica Loadtest | 2025-07-18 | N/A | 4.3 MEDIUM |
Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
CVE-2025-53664 | 1 Jenkins | 1 Apica Loadtest | 2025-07-18 | N/A | 6.5 MEDIUM |
Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2025-53655 | 1 Jenkins | 1 Statistics Gatherer | 2025-07-18 | N/A | 5.3 MEDIUM |
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it. | |||||
CVE-2025-53660 | 1 Jenkins | 1 Qmetry Test Management | 2025-07-18 | N/A | 4.3 MEDIUM |
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
CVE-2025-53656 | 1 Jenkins | 1 Readyapi Functional Testing | 2025-07-18 | N/A | 6.5 MEDIUM |
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2025-53662 | 1 Jenkins | 1 Ifttt Build Notifier | 2025-07-18 | N/A | 6.5 MEDIUM |
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2025-7357 | | | 2025-07-17 | N/A | N/A |
LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs. | |||||
CVE-2024-45638 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | N/A | 4.1 MEDIUM |
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. | |||||
CVE-2025-53677 | | | 2025-07-10 | N/A | 5.3 MEDIUM |
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it. | |||||
CVE-2025-53671 | | | 2025-07-10 | N/A | 6.5 MEDIUM |
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
CVE-2025-53675 | | | 2025-07-10 | N/A | 6.5 MEDIUM |
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2025-53674 | | | 2025-07-10 | N/A | 5.3 MEDIUM |
Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it. | |||||
CVE-2024-43186 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | N/A | 5.3 MEDIUM |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | |||||
CVE-2025-1709 | | | 2025-07-03 | N/A | 6.5 MEDIUM |
Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded). | |||||
CVE-2024-23486 | 1 Buffalo | 8 Wsr-2533dhp, Wsr-2533dhp2, Wsr-2533dhp2 Firmware and 5 more | 2025-06-30 | N/A | 9.8 CRITICAL |
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured credentials. | |||||
CVE-2025-6560 | | | 2025-06-26 | N/A | 9.8 CRITICAL |
Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended. | |||||
CVE-2025-6561 | | | 2025-06-26 | N/A | 9.8 CRITICAL |
Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. | |||||