Total
652 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35120 | 1 Ixpdata | 1 Easyinstall | 2025-04-24 | N/A | 8.8 HIGH |
IXPdata EasyInstall 6.6.14725 contains an access control issue. | |||||
CVE-2024-42451 | 1 Veeam | 1 Veeam Backup & Replication | 2025-04-24 | N/A | 6.5 MEDIUM |
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. | |||||
CVE-2020-11918 | 1 Svakom | 2 Svakom Siime Eye, Svakom Siime Eye Firmware | 2025-04-24 | N/A | 5.4 MEDIUM |
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. | |||||
CVE-2022-31697 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-04-22 | N/A | 5.5 MEDIUM |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | |||||
CVE-2017-14990 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | |||||
CVE-2017-1309 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 125463. | |||||
CVE-2017-13663 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | |||||
CVE-2017-2723 | 1 Huawei | 1 Files | 2025-04-20 | 2.1 LOW | 6.7 MEDIUM |
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones have a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. | |||||
CVE-2017-3214 | 1 Milwaukeetool | 1 One-key | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | |||||
CVE-2020-14480 | 1 Rockwellautomation | 1 Factorytalk View | 2025-04-17 | 2.1 LOW | 5.5 MEDIUM |
Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials. | |||||
CVE-2024-40582 | 1 Pentaminds | 1 Curovms | 2025-04-17 | N/A | 7.5 HIGH |
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. | |||||
CVE-2024-22084 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 7.5 HIGH |
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. | |||||
CVE-2025-27685 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 7.5 HIGH |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001. | |||||
CVE-2025-0123 | | | 2025-04-15 | N/A | N/A |
A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting. Prisma® Access is not impacted by this vulnerability. | |||||
CVE-2022-42931 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 3.3 LOW |
Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. | |||||
CVE-2024-12094 | | | 2025-04-15 | N/A | N/A |
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. Note: To exploit this vulnerability, the device must be rooted/jailbroken. | |||||
CVE-2015-5537 | 1 Siemens | 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System | 2025-04-12 | 4.3 MEDIUM | N/A |
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | |||||
CVE-2016-0876 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | |||||
CVE-2022-24120 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | N/A | 4.6 MEDIUM |
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. | |||||
CVE-2022-37785 | 1 Wecube-platform Project | 1 Wecube-platform | 2025-04-11 | N/A | 7.5 HIGH |
An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. |