Total: 1317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0867 | | | 2026-06-17 | N/A | 9.9 CRITICAL |
| The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can start up on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level. | |||||
| CVE-2025-0760 | | | 2026-06-17 | N/A | 2.7 LOW |
| A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. | |||||
| CVE-2025-0619 | 1 M-files | 1 M-files Server | 2026-06-17 | N/A | 4.9 MEDIUM |
| Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords. | |||||
| CVE-2025-0498 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2026-06-17 | N/A | 9.8 CRITICAL |
| A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user. | |||||
| CVE-2025-0497 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2026-06-17 | N/A | 9.8 CRITICAL |
| A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages. | |||||
| CVE-2025-0477 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2026-06-17 | N/A | 9.8 CRITICAL |
| An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application. | |||||
| CVE-2024-9677 | 1 Zyxel | 6 Uos, Usg Flex 100h, Usg Flex 200h and 3 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out. | |||||
| CVE-2024-9014 | 1 Pgadmin | 1 Pgadmin 4 | 2026-06-17 | N/A | 9.9 CRITICAL |
| pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. | |||||
| CVE-2024-8986 | | | 2026-06-17 | N/A | N/A |
| The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. | |||||
| CVE-2024-8777 | 1 Syscomgo | 1 Omflow | 2026-06-17 | N/A | 7.5 HIGH |
| OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials. | |||||
| CVE-2024-7813 | 1 Prison Management System Project | 1 Prison Management System | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7755 | | | 2026-06-17 | N/A | 8.2 HIGH |
| The EWON FLEXY 202 transmits credentials using a weak encoding method, base64. An attacker who is present in the network can sniff the traffic and decode the credentials. | |||||
| CVE-2024-7389 | 1 Incsub | 1 Forminator | 2026-06-17 | N/A | 7.5 HIGH |
| The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration. | |||||
| CVE-2024-6749 | | | 2026-06-17 | N/A | 6.3 MEDIUM |
| Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station Windows client. If Incident report is not being used with credentials configured, this flaw does not apply. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-6492 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-17 | N/A | 7.4 HIGH |
| Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. | |||||
| CVE-2024-6118 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2026-06-17 | N/A | 9.1 CRITICAL |
| A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | |||||
| CVE-2024-5657 | 1 Born05 | 1 Two-factor Authentication | 2026-06-17 | N/A | 3.7 LOW |
| The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP. | |||||
| CVE-2024-5176 | | | 2026-06-17 | N/A | N/A |
| Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials. This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior. | |||||
| CVE-2024-57395 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. | |||||
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2024.12, password field values were accessible to users with view settings permission. | |||||
