Total: 699 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34270 | | | 2025-10-30 | N/A | N/A |
| Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results. | |||||
| CVE-2025-62261 | | | 2025-10-30 | N/A | N/A |
| Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s account. | |||||
| CVE-2025-26495 | 1 Tableau | 1 Tableau Server | 2025-10-29 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. | |||||
| CVE-2025-21060 | 1 Samsung | 1 Smart Switch | 2025-10-28 | N/A | 5.5 MEDIUM |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability. | |||||
| CVE-2025-21061 | 1 Samsung | 1 Smart Switch | 2025-10-28 | N/A | 7.1 HIGH |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability. | |||||
| CVE-2025-55334 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2025-10-27 | N/A | 6.2 MEDIUM |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-48428 | | | 2025-10-27 | N/A | 6.7 MEDIUM |
| Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |||||
| CVE-2025-47820 | 1 Flocksafety | 1 Gunshot Detection Firmware | 2025-10-24 | N/A | 2.0 LOW |
| Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. | |||||
| CVE-2025-59409 | 1 Flocksafety | 1 License Plate Reader Firmware | 2025-10-24 | N/A | 7.5 HIGH |
| Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware. | |||||
| CVE-2025-47824 | 1 Flocksafety | 1 License Plate Reader Firmware | 2025-10-23 | N/A | 2.0 LOW |
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code. | |||||
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-10-22 | 6.8 MEDIUM | 5.7 MEDIUM |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2025-10-14 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue is solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | |||||
| CVE-2025-34216 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2025-10-09 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the Laravel APP_KEY used for cryptographic signing. Because the APP_KEY is required to generate valid signed requests, an attacker who obtains it can craft malicious payloads that are accepted by the application and achieve remote code execution on the appliance. This vulnerability has been identified by the vendor as: V-2024-018 — RCE & Leaks via API. | |||||
| CVE-2025-51055 | 1 Vedo Suite Project | 1 Vedo Suite | 2025-10-09 | N/A | 8.6 HIGH |
| Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. | |||||
| CVE-2025-59450 | | | 2025-10-08 | N/A | 4.3 MEDIUM |
| The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials. | |||||
| CVE-2025-23291 | | | 2025-10-02 | N/A | 2.4 LOW |
| NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure. | |||||
| CVE-2024-45744 | 1 Topquadrant | 1 Topbraid Edg | 2025-10-02 | N/A | 3.0 LOW |
| TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets. | |||||
| CVE-2025-49728 | 1 Microsoft | 1 Pc Manager | 2025-10-01 | N/A | 4.0 MEDIUM |
| Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-53672 | 1 Jenkins | 1 Kryptowire | 2025-10-01 | N/A | 6.5 MEDIUM |
| Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-34200 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2025-09-24 | N/A | 7.8 HIGH |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment. | |||||
