Total
1110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47081 | 2025-06-12 | N/A | 5.3 MEDIUM | ||
| Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. | |||||
| CVE-2025-30183 | 2025-06-12 | N/A | 7.5 HIGH | ||
| CyberData 011209 Intercom does not properly store or protect web server admin credentials. | |||||
| CVE-2025-35941 | 2025-06-12 | N/A | 5.5 MEDIUM | ||
| A password is exposed locally. | |||||
| CVE-2025-33079 | 1 Ibm | 2 Cognos Controller, Controller | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. | |||||
| CVE-2023-36266 | 1 Keepersecurity | 2 Keeper, Keeperfill | 2025-06-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information). | |||||
| CVE-2025-4679 | 1 Synology | 1 Active Backup For Microsoft 365 | 2025-05-30 | N/A | 6.5 MEDIUM |
| A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-43978 | 1 Allegro | 1 Allegro | 2025-05-30 | 5.5 MEDIUM | 7.1 HIGH |
| Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. | |||||
| CVE-2019-12046 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2025-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| LemonLDAP::NG -2.0.3 has Incorrect Access Control. | |||||
| CVE-2022-41255 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | N/A | 6.5 MEDIUM |
| Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2022-41247 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | N/A | 4.3 MEDIUM |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2018-16153 | 1 Apereo | 1 Opencast | 2025-05-27 | N/A | 7.5 HIGH |
| An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | |||||
| CVE-2025-3480 | 2025-05-23 | N/A | 5.3 MEDIUM | ||
| MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842. | |||||
| CVE-2025-2394 | 2025-05-23 | N/A | N/A | ||
| Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. | |||||
| CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 2.1 LOW | 4.9 MEDIUM |
| Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. | |||||
| CVE-2018-10622 | 1 Medtronic | 4 Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more | 2025-05-22 | 1.9 LOW | 4.9 MEDIUM |
| Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. | |||||
| CVE-2022-37193 | 1 Chipolo | 2 Chipolo, Chipolo One | 2025-05-22 | N/A | 7.4 HIGH |
| Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. | |||||
| CVE-2025-3078 | 2025-05-21 | N/A | 8.7 HIGH | ||
| A passback vulnerability which relates to production printers and office multifunction printers. | |||||
| CVE-2025-3079 | 2025-05-21 | N/A | 8.7 HIGH | ||
| A passback vulnerability which relates to office/small office multifunction printers and laser printers. | |||||
| CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2025-05-20 | N/A | 7.5 HIGH |
| IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | |||||
| CVE-2025-27192 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-05-20 | N/A | 2.7 LOW |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction. | |||||