Total: 1316 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11856 | | | 2026-06-17 | N/A | 3.7 LOW |
| A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. | |||||
| CVE-2024-11703 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 5.7 MEDIUM |
| On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. | |||||
| CVE-2024-0368 | 1 Wpmudev | 1 Hustle | 2026-06-17 | N/A | 8.6 HIGH |
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII. | |||||
| CVE-2023-6791 | 1 Paloaltonetworks | 1 Pan-os | 2026-06-17 | N/A | 4.9 MEDIUM |
| A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. | |||||
| CVE-2023-6573 | 1 Hp | 1 Oneview | 2026-06-17 | N/A | 5.5 MEDIUM |
| HPE OneView may have a missing passphrase during restore. | |||||
| CVE-2023-6421 | 1 W3eden | 1 Download Manager | 2026-06-17 | N/A | 7.5 HIGH |
| The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. | |||||
| CVE-2023-6254 | 1 Otrs | 1 Otrs | 2026-06-17 | N/A | 8.1 HIGH |
| A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response. This issue affects OTRS: from 8.0.X through 8.0.37. | |||||
| CVE-2023-5552 | 1 Sophos | 1 Firewall | 2026-06-17 | N/A | 7.1 HIGH |
| A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | |||||
| CVE-2023-50945 | 3 Ibm, Linux, Microsoft | 4 Aix, Common Licensing, Linux Kernel and 1 more | 2026-06-17 | N/A | 6.2 MEDIUM |
| IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | |||||
| CVE-2023-50770 | 1 Jenkins | 1 Openid | 2026-06-17 | N/A | 6.7 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins. | |||||
| CVE-2023-50436 | 1 Couchbase | 1 Couchbase Server | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5. | |||||
| CVE-2023-50311 | 1 Ibm | 1 Cics Transaction Gateway | 2026-06-17 | N/A | 3.1 LOW |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages. | |||||
| CVE-2023-50310 | 1 Ibm | 1 Cics Transaction Gateway | 2026-06-17 | N/A | 4.9 MEDIUM |
| IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | |||||
| CVE-2023-50291 | 1 Apache | 1 Solr | 2026-06-17 | N/A | 7.5 HIGH |
| Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. A number of sensitive system properties, such as "basicauth" and "aws.secretKey", do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system properties for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*' | |||||
| CVE-2023-50125 | 1 Hozard | 1 Alarm System | 2026-06-17 | N/A | 5.9 MEDIUM |
| A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. | |||||
| CVE-2023-4328 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows. | |||||
| CVE-2023-4327 | 2 Broadcom, Linux | 2 Raid Controller Web Interface, Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux. | |||||
| CVE-2023-49653 | 1 Jenkins | 1 Jira | 2026-06-17 | N/A | 6.5 MEDIUM |
| Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||||
| CVE-2023-49280 | 1 Xwiki | 1 Change Request | 2026-06-17 | N/A | 7.7 HIGH |
| XWiki Change Request is an XWiki application that allows users to request changes on a wiki without directly publishing the changes. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain the password hashes of users by performing an edit on the user profiles and then downloading the XML file that has been created. This is also true for any document that might contain a password field and that a user can view. This vulnerability impacts all versions of Change Request, but the impact depends on the rights that have been set on the wiki, since it requires the user to have the Change request right (allowed by default) and view rights on the page to target. This issue cannot be easily exploited in an automated way. The patch consists of denying users the right to edit pages that contain a password field with Change Request. It means that already existing change requests for those pages won't be removed by the patch; administrators need to take care of them. The patch is provided in Change Request 1.10; administrators should upgrade immediately. It's possible to work around the vulnerability by manually denying the Change request right on some spaces, such as the XWiki space, which will include any user profile by default. | |||||
| CVE-2023-49233 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level. | |||||
