Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4286 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. | |||||
| CVE-2025-2770 | 1 Bectechnologies | 1 Router Firmware | 2025-08-15 | N/A | 6.5 MEDIUM |
| BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986. | |||||
| CVE-2024-28782 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-14 | N/A | 6.3 MEDIUM |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | |||||
| CVE-2023-50956 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-09 | N/A | 4.4 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | |||||
| CVE-2024-49351 | 1 Ibm | 1 Workload Scheduler | 2025-08-08 | N/A | 5.5 MEDIUM |
| IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. | |||||
| CVE-2024-52361 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-08 | N/A | 5.7 MEDIUM |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | |||||
| CVE-2024-3622 | 1 Redhat | 1 Mirror Registry | 2025-07-30 | N/A | 8.8 HIGH |
| A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance. | |||||
| CVE-2024-3623 | 1 Redhat | 1 Mirror Registry | 2025-07-30 | N/A | 8.1 HIGH |
| A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database. | |||||
| CVE-2025-52164 | 2025-07-22 | N/A | 8.2 HIGH | ||
| Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. | |||||
| CVE-2025-7357 | 2025-07-17 | N/A | N/A | ||
| LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs. | |||||
| CVE-2024-45638 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | N/A | 4.1 MEDIUM |
| IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. | |||||
| CVE-2024-43186 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | |||||
| CVE-2025-1709 | 2025-07-03 | N/A | 6.5 MEDIUM | ||
| Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded). | |||||
| CVE-2024-23486 | 1 Buffalo | 8 Wsr-2533dhp, Wsr-2533dhp2, Wsr-2533dhp2 Firmware and 5 more | 2025-06-30 | N/A | 9.8 CRITICAL |
| Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. | |||||
| CVE-2025-6560 | 2025-06-26 | N/A | 9.8 CRITICAL | ||
| Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended. | |||||
| CVE-2025-6561 | 2025-06-26 | N/A | 9.8 CRITICAL | ||
| Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. | |||||
| CVE-2025-25985 | 1 Macro-video | 2 V380e6 C1, V380e6 C1 Firmware | 2025-06-25 | N/A | 2.6 LOW |
| An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components. | |||||
| CVE-2025-33079 | 1 Ibm | 2 Cognos Controller, Controller | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. | |||||
| CVE-2025-5893 | 2025-06-09 | N/A | 9.8 CRITICAL | ||
| Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. | |||||
| CVE-2025-5760 | 2025-06-06 | N/A | 4.9 MEDIUM | ||
| The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password. | |||||