Total: 717 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48310 | 1 Sophos | 1 Connect | 2025-03-07 | 5.5 Medium |
| An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | ||||
| CVE-2025-26495 | | | 2025-03-04 | 7.5 High |
| Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. | ||||
| CVE-2025-22896 | 1 Myscada | 1 Mypro | 2025-03-04 | 8.6 High |
| mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. | ||||
| CVE-2023-25596 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 4.5 Medium |
| A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | ||||
| CVE-2024-55928 | | | 2025-02-24 | 6.5 Medium |
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption. | ||||
| CVE-2024-49800 | 1 Ibm | 1 Applinx | 2025-02-22 | 4.3 Medium |
| IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | ||||
| CVE-2024-13843 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | 6 Medium |
| Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | ||||
| CVE-2023-25263 | 1 Stimulsoft | 1 Designer | 2025-02-19 | 5.5 Medium |
| In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems. | ||||
| CVE-2024-36497 | 1 Faronics | 1 Winselect | 2025-02-13 | 9.1 Critical |
| The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely. | ||||
| CVE-2024-31486 | | | 2025-02-13 | 5.3 Medium |
| A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices store MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials, leading to confidentiality loss. | ||||
| CVE-2023-50776 | 1 Jenkins | 1 Paaslane Estimate | 2025-02-13 | 4.3 Medium |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2023-50773 | 1 Jenkins | 1 Dingding Json Pusher | 2025-02-13 | 4.3 Medium |
| Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2023-50772 | 1 Jenkins | 1 Dingding Json Pusher | 2025-02-13 | 4.3 Medium |
| Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 8.6 High |
| The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | ||||
| CVE-2023-31423 | 1 Broadcom | 1 Brocade Sannav | 2025-02-13 | 5.7 Medium |
| Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. | ||||
| CVE-2023-46653 | 1 Jenkins | 1 Lambdatest-automation | 2025-02-13 | 6.5 Medium |
| Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | ||||
| CVE-2023-41335 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2025-02-13 | 3.7 Low |
| Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2020-25678 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2025-02-13 | 4.4 Medium |
| A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. | ||||
| CVE-2020-17511 | 1 Apache | 1 Airflow | 2025-02-13 | 6.5 Medium |
| In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadatabase. The same happened when creating a Connection with a password field. | ||||
| CVE-2024-33471 | | | 2025-02-13 | 7.2 High |
| An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||