Total
1317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3082 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2026-06-17 | N/A | 4.2 MEDIUM |
| A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | |||||
| CVE-2024-39879 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 5.0 MEDIUM |
| In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | |||||
| CVE-2024-39878 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 4.1 MEDIUM |
| In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | |||||
| CVE-2024-39818 | 1 Zoom | 4 Rooms, Workplace, Workplace Desktop and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | |||||
| CVE-2024-39733 | 1 Ibm | 1 Datacap | 2026-06-17 | N/A | 5.5 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. | |||||
| CVE-2024-39290 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book. | |||||
| CVE-2024-39278 | 1 Echostar | 2 Fusion, Hughes Wl3000 | 2026-06-17 | N/A | 4.2 MEDIUM |
| Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data. | |||||
| CVE-2024-38505 | 1 Jetbrains | 1 Youtrack | 2026-06-17 | N/A | 5.3 MEDIUM |
| In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site | |||||
| CVE-2024-38453 | 2026-06-17 | N/A | 7.5 HIGH | ||
| The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. | |||||
| CVE-2024-38291 | 1 Extremenetworks | 1 Xiq-se | 2026-06-17 | N/A | 8.8 HIGH |
| In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. | |||||
| CVE-2024-38285 | 2026-06-17 | N/A | N/A | ||
| Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. | |||||
| CVE-2024-38282 | 2026-06-17 | N/A | N/A | ||
| Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. | |||||
| CVE-2024-37362 | 2026-06-17 | N/A | 6.3 MEDIUM | ||
| The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift. Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation. | |||||
| CVE-2024-37187 | 1 Advantech | 2 Adam-5550, Adam-5550 Firmware | 2026-06-17 | N/A | 5.7 MEDIUM |
| Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. | |||||
| CVE-2024-37051 | 1 Jetbrains | 13 Aqua, Clion, Datagrip and 10 more | 2026-06-17 | N/A | 9.3 CRITICAL |
| GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 | |||||
| CVE-2024-36460 | 1 Zabbix | 1 Zabbix | 2026-06-17 | N/A | 8.1 HIGH |
| The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | |||||
| CVE-2024-36127 | 2026-06-17 | N/A | 7.5 HIGH | ||
| apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5. | |||||
| CVE-2024-36081 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network. | |||||
| CVE-2024-35208 | 1 Siemens | 1 Sinec Traffic Analyzer | 2026-06-17 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. | |||||
| CVE-2024-35192 | 2026-06-17 | N/A | 5.5 MEDIUM | ||
| Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if the default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when scanning container images directly from a registry. This vulnerability is fixed in 0.51.2. | |||||