Total
760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22276 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 5.5 MEDIUM |
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
| CVE-2026-24319 | 1 Sap | 1 Business One | 2026-02-17 | N/A | 5.8 MEDIUM |
| In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability. | |||||
| CVE-2025-33081 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-11 | N/A | 3.3 LOW |
| IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2026-25751 | 1 Frangoteam | 1 Fuxa | 2026-02-10 | N/A | 7.5 HIGH |
| FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. | |||||
| CVE-2025-12772 | 1 Broadcom | 1 Sannav | 2026-02-09 | N/A | 4.9 MEDIUM |
| Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the switch admin password. | |||||
| CVE-2025-27460 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-02-06 | N/A | 7.6 HIGH |
| The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker can read from and write to all files on the hard drives. | |||||
| CVE-2026-22240 | 1 Blusparkglobal | 1 Bluvoyix | 2026-02-02 | N/A | 7.5 HIGH |
| The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all user users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password. | |||||
| CVE-2025-7397 | 1 Brocade | 1 Ascg | 2026-02-02 | N/A | 7.1 HIGH |
| A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches. | |||||
| CVE-2019-25279 | 1 Iwt | 2 Facesentry Access Control System, Facesentry Access Control System Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication. | |||||
| CVE-2025-63208 | 1 Bridgetech | 2 Vb288, Vb288 Firmware | 2026-01-15 | N/A | 7.5 HIGH |
| An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. | |||||
| CVE-2025-25613 | 1 Fs | 2 S3150-8t2f, S3150-8t2f Firmware | 2026-01-15 | N/A | 7.5 HIGH |
| FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server. | |||||
| CVE-2024-7259 | 2 Ovirt, Redhat | 2 Ovirt-engine, Virtualization | 2026-01-08 | N/A | 4.9 MEDIUM |
| A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | |||||
| CVE-2025-65826 | 1 Meatmeet | 1 Meatmeet | 2025-12-30 | N/A | 9.8 CRITICAL |
| The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were located in close physical proximity to the device when it was first set up, they may be able to force the device to auto-connect to an attacker-controlled access point by setting the SSID and password to the same as which was found in the firmware file. | |||||
| CVE-2025-63729 | 1 Syrotech | 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware | 2025-12-30 | N/A | 9.0 CRITICAL |
| An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder. | |||||
| CVE-2025-65278 | 1 Komal97 | 1 Grocerymart | 2025-12-30 | N/A | 7.5 HIGH |
| An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords. | |||||
| CVE-2025-65320 | 1 Abacre | 1 Restaurant Point Of Sale | 2025-12-18 | N/A | 7.5 HIGH |
| Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt. | |||||
| CVE-2025-67637 | 1 Jenkins | 1 Jenkins | 2025-12-17 | N/A | 4.3 MEDIUM |
| Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-67638 | 1 Jenkins | 1 Jenkins | 2025-12-17 | N/A | 4.3 MEDIUM |
| Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-34427 | 1 Mailenable | 1 Mailenable | 2025-12-17 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control. | |||||
| CVE-2025-34428 | 1 Mailenable | 1 Mailenable | 2025-12-17 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control. | |||||