Total
1140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1886 | 2025-03-07 | N/A | N/A | ||
| Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. | |||||
| CVE-2024-44754 | 2025-03-06 | N/A | 6.8 MEDIUM | ||
| Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB. | |||||
| CVE-2023-38548 | 1 Veeam | 1 One | 2025-03-06 | N/A | 4.3 MEDIUM |
| A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | |||||
| CVE-2023-37362 | 1 Weintek | 1 Weincloud | 2025-03-06 | N/A | 7.2 HIGH |
| Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website. | |||||
| CVE-2024-12799 | 2025-03-05 | N/A | N/A | ||
| Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0. | |||||
| CVE-2025-25570 | 2025-02-28 | N/A | 9.8 CRITICAL | ||
| Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials. | |||||
| CVE-2025-0760 | 2025-02-26 | N/A | 2.7 LOW | ||
| A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. | |||||
| CVE-2023-1574 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-25 | N/A | 6.5 MEDIUM |
| Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | |||||
| CVE-2022-26844 | 1 Intel | 1 Single Event Api | 2025-02-25 | N/A | 7.8 HIGH |
| Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-30296 | 1 Intel | 1 Datacenter Group Event | 2025-02-25 | N/A | 7.5 HIGH |
| Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2024-37362 | 2025-02-20 | N/A | 6.3 MEDIUM | ||
| The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift. Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation. | |||||
| CVE-2022-29507 | 1 Intel | 1 Team Blue | 2025-02-18 | N/A | 5.5 MEDIUM |
| Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2025-0867 | 2025-02-14 | N/A | 9.9 CRITICAL | ||
| The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level. | |||||
| CVE-2023-25413 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 7.5 HIGH |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. | |||||
| CVE-2023-25407 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 7.2 HIGH |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials. | |||||
| CVE-2024-3543 | 1 Progress | 1 Loadmaster | 2025-02-10 | N/A | 6.4 MEDIUM |
| Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. | |||||
| CVE-2024-4536 | 1 Eclipse | 1 Edc Connector | 2025-02-06 | N/A | 6.8 MEDIUM |
| In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider's vault, not the consumer. This secret's value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented. | |||||
| CVE-2022-26341 | 1 Intel | 3 Active Management Technology Software Development Kit, Endpoint Management Assistant, Manageability Commander | 2025-02-05 | N/A | 8.2 HIGH |
| Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-25760 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 8.8 HIGH |
| Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | |||||
| CVE-2022-4308 | 1 Secomea | 1 Gatemanager | 2025-02-05 | N/A | 6.1 MEDIUM |
| Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked. | |||||