Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-35054 | 1 Newforma | 1 Project Center | 2025-10-22 | N/A | 5.3 MEDIUM |
| Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources. | |||||
| CVE-2025-40774 | 1 Siemens | 1 Sipass Integrated | 2025-10-16 | N/A | 4.4 MEDIUM |
| A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise. | |||||
| CVE-2025-8904 | 2025-10-14 | N/A | 8.5 HIGH | ||
| Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below. | |||||
| CVE-2024-45744 | 1 Topquadrant | 1 Topbraid Edg | 2025-10-02 | N/A | 3.0 LOW |
| TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets. | |||||
| CVE-2025-44958 | 1 Commscope | 1 Ruckus Network Director | 2025-09-23 | N/A | 5.3 MEDIUM |
| RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. | |||||
| CVE-2025-57789 | 1 Commvault | 1 Commvault | 2025-09-10 | N/A | 5.4 MEDIUM |
| During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. | |||||
| CVE-2025-0280 | 2025-09-04 | N/A | 7.5 HIGH | ||
| A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. | |||||
| CVE-2025-58049 | 1 Xwiki | 1 Xwiki | 2025-09-02 | N/A | 5.8 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1. | |||||
| CVE-2024-32042 | 1 Cyberpower | 1 Powerpanel | 2025-07-30 | N/A | 4.9 MEDIUM |
| The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. | |||||
| CVE-2024-32122 | 1 Fortinet | 1 Fortios | 2025-07-18 | N/A | 2.3 LOW |
| A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server. | |||||
| CVE-2025-6995 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
| Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. | |||||
| CVE-2025-6996 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
| Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. | |||||
| CVE-2025-27459 | 2025-07-03 | N/A | 4.4 MEDIUM | ||
| The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered. | |||||
| CVE-2025-25983 | 1 Macro-video | 1 V380 Pro | 2025-06-25 | N/A | 3.4 LOW |
| An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component. | |||||
| CVE-2024-51552 | 2025-05-23 | N/A | 6.0 MEDIUM | ||
| Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 2.1 LOW | 4.9 MEDIUM |
| Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. | |||||
| CVE-2018-10622 | 1 Medtronic | 4 Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more | 2025-05-22 | 1.9 LOW | 4.9 MEDIUM |
| Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. | |||||
| CVE-2017-9942 | 1 Siemens | 1 Sipass Integrated | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems. | |||||
| CVE-2025-24852 | 2025-04-01 | N/A | 4.6 MEDIUM | ||
| Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password. | |||||
| CVE-2024-8774 | 2025-03-27 | N/A | N/A | ||
| The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched. | |||||