Total: 1317 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46480 | 1 Venki | 1 Supravizio Bpm | 2026-06-17 | N/A | 8.4 HIGH |
| An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. | |||||
| CVE-2024-46341 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2026-06-17 | N/A | 8.0 HIGH |
| TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. | |||||
| CVE-2024-45744 | 1 Topquadrant | 1 Topbraid Edg | 2026-06-17 | N/A | 3.0 LOW |
| TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets. | |||||
| CVE-2024-45636 | 1 Ibm | 1 Security Qradar Edr | 2026-06-17 | N/A | 4.1 MEDIUM |
| IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. | |||||
| CVE-2024-44815 | 1 Hathway | 2 Skyworth Cm5100-511, Skyworth Cm5100-511 Firmware | 2026-06-17 | N/A | 4.6 MEDIUM |
| Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | |||||
| CVE-2024-44754 | | | 2026-06-17 | N/A | 6.8 MEDIUM |
| Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB. | |||||
| CVE-2024-44000 | 1 Litespeedtech | 1 Litespeed Cache | 2026-06-17 | N/A | 9.8 CRITICAL |
| Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. | |||||
| CVE-2024-43812 | | | 2026-06-17 | N/A | 8.4 HIGH |
| Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system. | |||||
| CVE-2024-43779 | 1 Clear | 1 Clearml Enterprise Server | 2026-06-17 | N/A | 7.7 HIGH |
| An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2024-42457 | 1 Veeam | 1 Veeam Backup & Replication | 2026-06-17 | N/A | 6.5 MEDIUM |
| A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. | |||||
| CVE-2024-42192 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2026-06-17 | N/A | 5.5 MEDIUM |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications. | |||||
| CVE-2024-42172 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications. | |||||
| CVE-2024-42012 | | | 2026-06-17 | N/A | 5.7 MEDIUM |
| GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user. | |||||
| CVE-2024-41771 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2026-06-17 | N/A | 7.5 HIGH |
| IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | |||||
| CVE-2024-41770 | 1 Ibm | 1 Engineering Requirements Management Doors Next | 2026-06-17 | N/A | 7.5 HIGH |
| IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | |||||
| CVE-2024-40710 | 1 Veeam | 1 Veeam Backup & Replication | 2026-06-17 | N/A | 8.8 HIGH |
| A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (saved credentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication. | |||||
| CVE-2024-40704 | 1 Ibm | 1 Infosphere Information Server | 2026-06-17 | N/A | 4.9 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. | |||||
| CVE-2024-40703 | 1 Ibm | 2 Cognos Analytics, Cognos Analytics Reports | 2026-06-17 | N/A | 5.5 MEDIUM |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. | |||||
| CVE-2024-40583 | 1 Pentaminds | 1 Curovms | 2026-06-17 | N/A | 9.1 CRITICAL |
| Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. | |||||
| CVE-2024-3543 | 1 Progress | 1 Loadmaster | 2026-06-17 | N/A | 6.4 MEDIUM |
| Use of a reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily decrypted by the attacker, and stolen credentials can be used for arbitrary actions to corrupt the system. | |||||
