Total
778 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34206 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2026-06-17 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in .secrets, MySQL client keys, and application session files are accessible from multiple containers. An attacker who controls or reaches any container can read or modify these artifacts, leading to credential theft, RCE via Laravel APP_KEY, Portainer takeover, and full compromise. | |||||
| CVE-2025-34200 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2026-06-17 | N/A | 7.8 HIGH |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment. | |||||
| CVE-2025-33081 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-06-17 | N/A | 3.3 LOW |
| IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2025-32752 | 1 Dell | 1 Thinos | 2026-06-17 | N/A | 5.7 MEDIUM |
| Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | |||||
| CVE-2025-32353 | 2026-06-17 | N/A | 8.2 HIGH | ||
| Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file. | |||||
| CVE-2025-30124 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password. | |||||
| CVE-2025-2922 | 2026-06-17 | 1.2 LOW | 2.0 LOW | ||
| A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2909 | 2026-06-17 | N/A | N/A | ||
| The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information. | |||||
| CVE-2025-2770 | 1 Bectechnologies | 1 Router Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986. | |||||
| CVE-2025-2189 | 2026-06-17 | N/A | N/A | ||
| This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. | |||||
| CVE-2025-2182 | 2026-06-17 | N/A | N/A | ||
| A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. | |||||
| CVE-2025-2181 | 2026-06-17 | N/A | N/A | ||
| A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. | |||||
| CVE-2025-2120 | 1 Thinkware | 2 F800 Pro, F800 Pro Firmware | 2026-06-17 | 1.7 LOW | 2.1 LOW |
| A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27685 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2026-06-17 | N/A | 7.5 HIGH |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001. | |||||
| CVE-2025-27623 | 1 Jenkins | 1 Jenkins | 2026-06-17 | N/A | 4.3 MEDIUM |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets. | |||||
| CVE-2025-27622 | 1 Jenkins | 1 Jenkins | 2026-06-17 | N/A | 4.3 MEDIUM |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets. | |||||
| CVE-2025-27532 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests. | |||||
| CVE-2025-27460 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-06-17 | N/A | 7.6 HIGH |
| The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives. | |||||
| CVE-2025-26495 | 1 Tableau | 1 Tableau Server | 2026-06-17 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. | |||||
| CVE-2025-25758 | 1 Kukufm | 1 Kukufm | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml | |||||