Total
685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22332 | 1 Pgpool | 1 Pgpool-ii | 2025-03-28 | N/A | 6.5 MEDIUM |
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. | |||||
| CVE-2024-21993 | 1 Netapp | 1 Snapcenter | 2025-03-27 | N/A | 5.7 MEDIUM |
| SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. | |||||
| CVE-2020-36248 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 2.1 LOW | 3.9 LOW |
| The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | |||||
| CVE-2024-20292 | 1 Cisco | 1 Duo Authentication For Windows Logon And Rdp | 2025-03-24 | N/A | 4.4 MEDIUM |
| A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text. | |||||
| CVE-2019-16638 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1. | |||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2025-03-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |||||
| CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-03-13 | N/A | 5.5 MEDIUM |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430. | |||||
| CVE-2024-41716 | 1 Idec | 2 Windldr, Windo\/i-nv4 | 2025-03-13 | N/A | 8.1 HIGH |
| Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them. | |||||
| CVE-2024-23584 | 2025-03-13 | N/A | 6.6 MEDIUM | ||
| The NMAP Importer service? may expose data store credentials to authorized users of the Windows Registry. | |||||
| CVE-2025-2189 | 2025-03-11 | N/A | N/A | ||
| This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. | |||||
| CVE-2022-48310 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | |||||
| CVE-2025-26495 | 2025-03-04 | N/A | 7.5 HIGH | ||
| Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. | |||||
| CVE-2023-25596 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | N/A | 4.5 MEDIUM |
| A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | |||||
| CVE-2024-55928 | 2025-02-24 | N/A | 6.5 MEDIUM | ||
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption | |||||
| CVE-2024-13843 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | N/A | 6.0 MEDIUM |
| Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | |||||
| CVE-2025-22896 | 2025-02-13 | N/A | 8.6 HIGH | ||
| mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. | |||||
| CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | N/A | 8.6 HIGH |
| The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | |||||
| CVE-2023-31423 | 1 Broadcom | 1 Brocade Sannav | 2025-02-13 | N/A | 5.7 MEDIUM |
| Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. | |||||
| CVE-2023-0614 | 1 Samba | 1 Samba | 2025-02-13 | N/A | 6.5 MEDIUM |
| The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | |||||
| CVE-2024-49800 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | |||||