Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-53770 | 1 Minidvblinux | 1 Minidvblinux | 2025-12-19 | N/A | 7.5 HIGH |
| MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials. | |||||
| CVE-2025-36100 | 1 Ibm | 1 Mq | 2025-12-19 | N/A | 5.1 MEDIUM |
| IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. | |||||
| CVE-2025-33119 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-12-15 | N/A | 6.5 MEDIUM |
| IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. | |||||
| CVE-2023-53739 | 2025-12-12 | N/A | N/A | ||
| Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication. | |||||
| CVE-2025-33093 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2025-11-13 | N/A | 7.5 HIGH |
| IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. | |||||
| CVE-2014-5400 | 1 Hospira | 1 Mednet | 2025-11-03 | 6.8 MEDIUM | N/A |
| The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2025-36002 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-10-25 | N/A | 5.5 MEDIUM |
| IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user. | |||||
| CVE-2024-45673 | 3 Ibm, Linux, Microsoft | 5 Security Verify Bridge Directory Sync, Security Verify Gateway For Radius, Security Verify Gateway For Windows Login and 2 more | 2025-08-27 | N/A | 5.5 MEDIUM |
| IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user. | |||||
| CVE-2025-57754 | 2025-08-22 | N/A | 9.8 CRITICAL | ||
| eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could lead to data exfiltration, modification or deletion. | |||||
| CVE-2025-51540 | 2025-08-20 | N/A | 5.3 MEDIUM | ||
| EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm makes it feasible to recover plaintext credentials using precomputed tables or GPU-based cracking tools. The vendor states that the issue is fixed in 3.5.72.27183. | |||||
| CVE-2025-25022 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-12 | N/A | 9.6 CRITICAL |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files. | |||||
| CVE-2025-6513 | 2025-06-23 | N/A | 9.3 CRITICAL | ||
| Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it. | |||||
| CVE-2025-32111 | 2025-04-07 | N/A | 8.7 HIGH | ||
| The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout. | |||||
| CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | N/A | 4.4 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | |||||
| CVE-2023-2790 | 1 Totolink | 2 N200re, N200re Firmware | 2024-11-21 | 1.4 LOW | 2.3 LOW |
| A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2016-7043 | 1 Redhat | 1 Kie-server | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services. | |||||