Total
752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2026-05-06 | 7.5 HIGH | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
| CVE-2014-4775 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2026-05-06 | 5.0 MEDIUM | N/A |
| IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-3359 | 1 Redhat | 2 Conga, Enterprise Linux | 2026-05-06 | 3.7 LOW | N/A |
| Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout. | |||||
| CVE-2014-3220 | 1 F5 | 1 Big-iq | 2026-05-06 | 9.0 HIGH | N/A |
| F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. | |||||
| CVE-2016-2282 | 1 Moxa | 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more | 2026-05-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | |||||
| CVE-2014-3419 | 1 Infoblox | 1 Netmri | 2026-05-06 | 7.2 HIGH | N/A |
| Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | |||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas\/pqs | 2026-05-06 | 1.7 LOW | 6.7 MEDIUM |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||||
| CVE-2014-6098 | 1 Ibm | 1 Security Identity Manager | 2026-05-06 | 5.0 MEDIUM | N/A |
| IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | |||||
| CVE-2016-1601 | 1 Suse | 4 Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit and 1 more | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2014-3068 | 1 Ibm | 1 Java | 2026-05-06 | 6.4 MEDIUM | N/A |
| IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. | |||||
| CVE-2014-4011 | 1 Sap | 1 Capacity Leveling | 2026-05-06 | 5.0 MEDIUM | N/A |
| SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2011-5322 | 1 Gehealthcare | 1 Centricity Analytics Server | 2026-05-06 | 10.0 HIGH | N/A |
| GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors. | |||||
| CVE-2014-3489 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2026-05-06 | 4.3 MEDIUM | N/A |
| lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
| CVE-2013-4440 | 1 Pwgen Project | 1 Pwgen | 2026-05-06 | 5.0 MEDIUM | N/A |
| Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |||||
| CVE-2011-5324 | 1 Gehealthcare | 1 Centricity Pacs-iw | 2026-05-06 | 10.0 HIGH | N/A |
| The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2014-0105 | 1 Openstack | 1 Python-keystoneclient | 2026-05-06 | 6.0 MEDIUM | N/A |
| The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached." | |||||
| CVE-2014-0085 | 1 Redhat | 2 Jboss A-mq, Jboss Fuse | 2026-05-06 | 2.1 LOW | N/A |
| JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2014-2226 | 1 Ui | 1 Unifi Controller | 2026-05-06 | 2.6 LOW | N/A |
| Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8945 | 1 Openshift | 1 Origin | 2026-05-06 | 1.9 LOW | 5.1 MEDIUM |
| openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | |||||
| CVE-2014-0890 | 1 Ibm | 1 Sametime | 2026-05-06 | 1.9 LOW | N/A |
| The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. | |||||