Total
1315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28090 | 1 Hp | 1 Oneview | 2026-06-17 | N/A | 5.5 MEDIUM |
| An HPE OneView appliance dump may expose SNMPv3 read credentials | |||||
| CVE-2023-28089 | 1 Hp | 1 Oneview | 2026-06-17 | N/A | 7.1 HIGH |
| An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | |||||
| CVE-2023-28088 | 1 Hp | 1 Oneview | 2026-06-17 | N/A | 7.8 HIGH |
| An HPE OneView appliance dump may expose SAN switch administrative credentials | |||||
| CVE-2023-28087 | 1 Hp | 1 Oneview | 2026-06-17 | N/A | 5.5 MEDIUM |
| An HPE OneView appliance dump may expose OneView user accounts | |||||
| CVE-2023-28086 | 1 Hp | 1 Oneview | 2026-06-17 | N/A | 5.5 MEDIUM |
| An HPE OneView appliance dump may expose proxy credential settings | |||||
| CVE-2023-28084 | 2 Hp, Hpe | 2 Oneview, Oneview Global Dashboard | 2026-06-17 | N/A | 5.5 MEDIUM |
| HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | |||||
| CVE-2023-27975 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2026-06-17 | N/A | 7.1 HIGH |
| CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | |||||
| CVE-2023-27315 | 1 Netapp | 1 Snapgathers | 2026-06-17 | N/A | 6.5 MEDIUM |
| SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials | |||||
| CVE-2023-27132 | 1 Tsplus | 1 Tsplus Remote Work | 2026-06-17 | N/A | 9.8 CRITICAL |
| TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product. | |||||
| CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2026-06-17 | N/A | 4.6 MEDIUM |
| The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | |||||
| CVE-2023-26567 | 1 Sangoma | 1 Freepbx Linux 7 | 2026-06-17 | N/A | 8.1 HIGH |
| Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | |||||
| CVE-2023-26221 | 1 Tibco | 3 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Server | 2026-06-17 | N/A | 5.0 MEDIUM |
| The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0. | |||||
| CVE-2023-26204 | 1 Fortinet | 1 Fortisiem | 2026-06-17 | N/A | 3.7 LOW |
| A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | |||||
| CVE-2023-25760 | 1 Uniguest | 1 Tripleplay | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | |||||
| CVE-2023-25740 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 8.8 HIGH |
| After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110. | |||||
| CVE-2023-25686 | 1 Ibm | 1 Security Key Lifecycle Manager | 2026-06-17 | N/A | 6.2 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. | |||||
| CVE-2023-25532 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. | |||||
| CVE-2023-25531 | 1 Nvidia | 2 Dgx H100, Dgx H100 Firmware | 2026-06-17 | N/A | 7.6 HIGH |
| NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. | |||||
| CVE-2023-25495 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2026-06-17 | N/A | 4.9 MEDIUM |
| A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | |||||
| CVE-2023-25413 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. | |||||