Total
699 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20914 | 1 Google | 1 Android | 2025-01-24 | N/A | 5.5 MEDIUM |
| In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-189942529 | |||||
| CVE-2023-32983 | 1 Jenkins | 1 Ansible | 2025-01-23 | N/A | 5.3 MEDIUM |
| Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2023-32982 | 1 Jenkins | 1 Ansible | 2025-01-23 | N/A | 4.3 MEDIUM |
| Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2024-46505 | 2025-01-23 | N/A | 9.1 CRITICAL | ||
| Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | |||||
| CVE-2024-52525 | 1 Nextcloud | 1 Nextcloud Server | 2025-01-23 | N/A | 1.8 LOW |
| Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. | |||||
| CVE-2023-28345 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-14 | N/A | 4.6 MEDIUM |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines. | |||||
| CVE-2025-23027 | 2025-01-13 | N/A | N/A | ||
| next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems. | |||||
| CVE-2023-28713 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | N/A | 8.1 HIGH |
| Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user. | |||||
| CVE-2023-27706 | 1 Bitwarden | 1 Bitwarden | 2025-01-06 | N/A | 7.1 HIGH |
| Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. | |||||
| CVE-2023-27370 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 5.7 MEDIUM |
| NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841. | |||||
| CVE-2024-55196 | 2025-01-02 | N/A | 7.5 HIGH | ||
| Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers. | |||||
| CVE-2024-9802 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2024-12-19 | N/A | 5.3 MEDIUM |
| The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. | |||||
| CVE-2024-9798 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2024-12-19 | N/A | 9.0 CRITICAL |
| The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. | |||||
| CVE-2024-51175 | 2024-12-18 | N/A | 7.5 HIGH | ||
| An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component. | |||||
| CVE-2024-55582 | 2024-12-11 | N/A | 5.7 MEDIUM | ||
| Oxide before 6 has unencrypted Control Plane datastores. | |||||
| CVE-2024-35117 | 2024-12-11 | N/A | 4.4 MEDIUM | ||
| IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. | |||||
| CVE-2024-11159 | 1 Mozilla | 1 Thunderbird | 2024-12-06 | N/A | 4.3 MEDIUM |
| Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1. | |||||
| CVE-2023-27243 | 1 Makves | 1 Dcap | 2024-12-06 | N/A | 7.5 HIGH |
| An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. | |||||
| CVE-2022-45439 | 1 Zyxel | 2 Ax7501-b0, Ax7501-b0 Firmware | 2024-12-06 | N/A | 6.5 MEDIUM |
| A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability. | |||||
| CVE-2024-54127 | 2024-12-05 | N/A | N/A | ||
| This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system. | |||||