Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5778 | 1 Flexispy | 1 Mobile Spy | 2025-04-09 | 6.4 MEDIUM | 7.5 HIGH |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | |||||
| CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 4.3 MEDIUM | 7.8 HIGH |
| Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | |||||
| CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | |||||
| CVE-2025-23215 | 2025-04-04 | N/A | N/A | ||
| PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net.sourceforge.pmd are not compromised and the signatures are valid. | |||||
| CVE-2024-51993 | 1 Combodo | 1 Itop | 2025-04-04 | N/A | 3.4 LOW |
| Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. ### Patches Sanitize parameter ### References N°7631 - Password is stored in clear in the database. | |||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | |||||
| CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | |||||
| CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | |||||
| CVE-2001-1481 | 1 Xitami | 1 Xitami | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. | |||||
| CVE-2001-1537 | 1 Symfony | 1 Twig | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | |||||
| CVE-2002-1800 | 1 Phprank | 1 Phprank | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | |||||
| CVE-2005-1828 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2025-04-03 | 7.5 HIGH | 7.5 HIGH |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2025-04-03 | 1.9 LOW | 5.5 MEDIUM |
| Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | |||||
| CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2025-04-02 | N/A | 5.5 MEDIUM |
| Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-24450 | 1 Jenkins | 1 View-cloner | 2025-04-02 | N/A | 6.5 MEDIUM |
| Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2023-24442 | 1 Jenkins | 1 Github Pull Request Coverage Status | 2025-04-02 | N/A | 5.5 MEDIUM |
| Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2023-24439 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | N/A | 5.5 MEDIUM |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-2922 | 2025-04-01 | 1.2 LOW | 2.0 LOW | ||
| A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0418 | 2025-04-01 | N/A | N/A | ||
| Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords. | |||||