Total
778 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54537 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots | |||||
| CVE-2025-54464 | 2026-06-17 | N/A | N/A | ||
| This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device. | |||||
| CVE-2025-54422 | 1 Sandboxie-plus | 1 Sandboxie | 2026-06-17 | N/A | 5.5 MEDIUM |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2. | |||||
| CVE-2025-54342 | 1 Desktopalert | 1 Pingalert Application Server | 2026-06-17 | N/A | 3.3 LOW |
| A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible Policies. | |||||
| CVE-2025-53758 | 2026-06-17 | N/A | N/A | ||
| This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the hardcoded default credentials stored in the firmware of the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted device. | |||||
| CVE-2025-53755 | 2026-06-17 | N/A | N/A | ||
| This vulnerability exists in Digisol DG-GR6821AC Router due to storage of credentials and PINS without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted data stored in the firmware of targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the network of the targeted device. | |||||
| CVE-2025-53742 | 1 Jenkins | 1 Applitools Eyes | 2026-06-17 | N/A | 6.5 MEDIUM |
| Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53672 | 1 Jenkins | 1 Kryptowire | 2026-06-17 | N/A | 6.5 MEDIUM |
| Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53670 | 1 Jenkins | 1 Nouvola Divecloud | 2026-06-17 | N/A | 6.5 MEDIUM |
| Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53103 | 2026-06-17 | N/A | 5.8 MEDIUM | ||
| JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app. This issue as been patched in version 5.13.2. | |||||
| CVE-2025-51055 | 1 Vedo Suite Project | 1 Vedo Suite | 2026-06-17 | N/A | 8.6 HIGH |
| Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. | |||||
| CVE-2025-50777 | 1 Aziot | 2 2mp Full Hd Smart Wi-fi Cctv Home Security Camera, 2mp Full Hd Smart Wi-fi Cctv Home Security Camera Firmware | 2026-06-17 | N/A | 7.8 HIGH |
| The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems. | |||||
| CVE-2025-4737 | 2026-06-17 | N/A | 6.2 MEDIUM | ||
| Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage. | |||||
| CVE-2025-4537 | 1 Ruoyi | 1 Ruoyi-vue | 2026-06-17 | 2.6 LOW | 3.1 LOW |
| A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4394 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025 | |||||
| CVE-2025-4053 | 2026-06-17 | N/A | N/A | ||
| The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks. | |||||
| CVE-2025-49728 | 1 Microsoft | 1 Pc Manager | 2026-06-17 | N/A | 4.0 MEDIUM |
| Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2025-48463 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2026-06-17 | N/A | 3.1 LOW |
| Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering. | |||||
| CVE-2025-48428 | 2026-06-17 | N/A | 6.7 MEDIUM | ||
| Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |||||
| CVE-2025-47824 | 1 Flocksafety | 1 License Plate Reader Firmware | 2026-06-17 | N/A | 2.0 LOW |
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code. | |||||