Total
778 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9802 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2026-06-17 | N/A | 5.3 MEDIUM |
| The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. | |||||
| CVE-2024-9798 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2026-06-17 | N/A | 9.0 CRITICAL |
| The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. | |||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2026-06-17 | N/A | 6.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | |||||
| CVE-2024-9432 | 2026-06-17 | N/A | N/A | ||
| Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X. | |||||
| CVE-2024-9040 | 1 Code-projects | 1 Blood Bank Management System | 2026-06-17 | 1.4 LOW | 2.3 LOW |
| A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally. | |||||
| CVE-2024-8689 | 2026-06-17 | N/A | N/A | ||
| A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. | |||||
| CVE-2024-8644 | 1 Oceanicsoft | 1 Valeapp | 2026-06-17 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0. | |||||
| CVE-2024-8459 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2026-06-17 | N/A | 7.2 HIGH |
| Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. | |||||
| CVE-2024-8070 | 2026-06-17 | N/A | 8.5 HIGH | ||
| CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary | |||||
| CVE-2024-7783 | 1 Mintplexlabs | 1 Anythingllm | 2026-06-17 | N/A | 7.5 HIGH |
| mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3. | |||||
| CVE-2024-7259 | 2 Ovirt, Redhat | 2 Ovirt-engine, Virtualization | 2026-06-17 | N/A | 4.9 MEDIUM |
| A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | |||||
| CVE-2024-6921 | 1 Nac | 1 Nacpremium | 2026-06-17 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data. This issue affects NACPremium: through 01082024. | |||||
| CVE-2024-6785 | 1 Moxa | 2 Mxview One, Mxview One Central Manager | 2026-06-17 | N/A | 5.5 MEDIUM |
| The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. | |||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2026-06-17 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | |||||
| CVE-2024-5916 | 1 Paloaltonetworks | 1 Pan-os | 2026-06-17 | N/A | 4.4 MEDIUM |
| An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. | |||||
| CVE-2024-58277 | 2026-06-17 | N/A | N/A | ||
| R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access. | |||||
| CVE-2024-56428 | 1 Itech-gmbh | 1 Ilabclient | 2026-06-17 | N/A | 5.5 MEDIUM |
| The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client. | |||||
| CVE-2024-56362 | 1 Navidrome | 1 Navidrome | 2026-06-17 | N/A | 7.1 HIGH |
| Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1. | |||||
| CVE-2024-55928 | 1 Xerox | 1 Workplace Suite | 2026-06-17 | N/A | 6.5 MEDIUM |
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption | |||||
| CVE-2024-55582 | 2026-06-17 | N/A | 5.7 MEDIUM | ||
| Oxide before 6 has unencrypted Control Plane datastores. | |||||