Total
652 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-04-11 | 6.8 MEDIUM | 5.7 MEDIUM |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2022-45787 | 1 Apache | 1 James | 2025-04-09 | N/A | 5.5 MEDIUM |
| Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. | |||||
| CVE-2025-3442 | 2025-04-09 | N/A | N/A | ||
| This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. | |||||
| CVE-2009-0964 | 1 Xlinesoft | 1 Phprunner | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | |||||
| CVE-2010-0225 | 1 Sandisk | 2 Cruzer Enterprise, Cruzer Enterprise Firmware | 2025-04-09 | 4.6 MEDIUM | N/A |
| SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | |||||
| CVE-2009-0152 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2008-1567 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2025-04-09 | 2.1 LOW | 5.5 MEDIUM |
| phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | |||||
| CVE-2009-1466 | 1 Klinzmann | 1 Application Access Server | 2025-04-09 | 2.1 LOW | 5.5 MEDIUM |
| Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2009-1603 | 2 Fedoraproject, Opensc-project | 2 Fedora, Opensc | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
| src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | |||||
| CVE-2008-6157 | 1 Sepcity | 1 Classified Ads | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2025-04-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | |||||
| CVE-2007-5778 | 1 Flexispy | 1 Mobile Spy | 2025-04-09 | 6.4 MEDIUM | 7.5 HIGH |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | |||||
| CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 4.3 MEDIUM | 7.8 HIGH |
| Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | |||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | |||||
| CVE-2025-23215 | 2025-04-04 | N/A | N/A | ||
| PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net.sourceforge.pmd are not compromised and the signatures are valid. | |||||
| CVE-2024-51993 | 1 Combodo | 1 Itop | 2025-04-04 | N/A | 3.4 LOW |
| Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. ### Patches Sanitize parameter ### References N°7631 - Password is stored in clear in the database. | |||||
| CVE-2024-46340 | 2025-04-03 | N/A | 9.8 CRITICAL | ||
| TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. | |||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | |||||
| CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | |||||