Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-70050 | 1 Lesspass | 1 Lesspass | 2026-03-13 | N/A | 6.5 MEDIUM |
| An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information. | |||||
| CVE-2024-45391 | 1 Ssw | 1 Tinacms\/cli | 2026-03-13 | N/A | 7.5 HIGH |
| Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix. | |||||
| CVE-2025-55717 | 1 Fortinet | 3 Fortimail, Fortirecorder, Fortivoice | 2026-03-12 | N/A | 4.0 MEDIUM |
| A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device. | |||||
| CVE-2026-3277 | 2026-03-11 | N/A | N/A | ||
| The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials | |||||
| CVE-2026-24311 | 2026-03-11 | N/A | 5.6 MEDIUM | ||
| The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes could affect system behaviour during startup, resulting in a high impact on the application's confidentiality and integrity, with a low impact on availability. | |||||
| CVE-2025-10464 | 2026-03-09 | N/A | 6.5 MEDIUM | ||
| Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data.This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology. | |||||
| CVE-2024-55027 | 1 Weintek | 3 Cmt-3072xh2, Cmt-3072xh2 Firmware, Easyweb | 2026-03-04 | N/A | 7.5 HIGH |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | |||||
| CVE-2025-47147 | 2026-03-03 | N/A | 5.7 MEDIUM | ||
| Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123. | |||||
| CVE-2023-31069 | 1 Tsplus | 1 Tsplus Remote Work | 2026-03-03 | N/A | 9.8 CRITICAL |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | |||||
| CVE-2025-12679 | 1 Broadcom | 1 Sannav | 2026-03-03 | N/A | 6.5 MEDIUM |
| A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | |||||
| CVE-2025-12680 | 1 Broadcom | 1 Sannav | 2026-03-03 | N/A | 4.9 MEDIUM |
| Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password. | |||||
| CVE-2025-12774 | 1 Broadcom | 1 Sannav | 2026-03-03 | N/A | 7.5 HIGH |
| A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords. | |||||
| CVE-2024-55928 | 1 Xerox | 1 Workplace Suite | 2026-02-28 | N/A | 6.5 MEDIUM |
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption | |||||
| CVE-2026-3221 | 1 Devolutions | 1 Devolutions Server | 2026-02-28 | N/A | 4.9 MEDIUM |
| Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access. | |||||
| CVE-2024-4540 | 2026-02-25 | N/A | 7.5 HIGH | ||
| A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. | |||||
| CVE-2023-40238 | 2 Fujitsu, Insyde | 373 Celsius C780, Celsius C780 Firmware, Celsius H5511 and 370 more | 2026-02-25 | N/A | 5.5 MEDIUM |
| A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. | |||||
| CVE-2026-27520 | 1 Binardat | 2 10g08-0800gsm, 10g08-0800gsm Firmware | 2026-02-25 | N/A | 7.5 HIGH |
| Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password. | |||||
| CVE-2026-23655 | 1 Microsoft | 1 Confidential Sidecar Containers | 2026-02-25 | N/A | 6.5 MEDIUM |
| Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | |||||
| CVE-2026-22276 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 5.5 MEDIUM |
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2026-24319 | 1 Sap | 1 Business One | 2026-02-17 | N/A | 5.8 MEDIUM |
| In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability. | |||||