Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48073 | 1 Phicomm | 2 K2, K2 Firmware | 2025-03-28 | N/A | 7.5 HIGH |
| Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext. | |||||
| CVE-2025-2909 | 2025-03-28 | N/A | N/A | ||
| The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information. | |||||
| CVE-2024-21993 | 1 Netapp | 1 Snapcenter | 2025-03-27 | N/A | 5.7 MEDIUM |
| SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. | |||||
| CVE-2020-36248 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 2.1 LOW | 3.9 LOW |
| The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | |||||
| CVE-2025-25758 | 2025-03-24 | N/A | 7.5 HIGH | ||
| An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml | |||||
| CVE-2024-20292 | 1 Cisco | 1 Duo Authentication For Windows Logon And Rdp | 2025-03-24 | N/A | 4.4 MEDIUM |
| A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text. | |||||
| CVE-2024-12604 | 1 Tapandsign | 1 Tap\&sign | 2025-03-19 | N/A | 7.3 HIGH |
| Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025. | |||||
| CVE-2019-16638 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1. | |||||
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-03-14 | 6.8 MEDIUM | 5.7 MEDIUM |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2025-03-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |||||
| CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-03-13 | N/A | 5.5 MEDIUM |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430. | |||||
| CVE-2024-41716 | 1 Idec | 2 Windldr, Windo\/i-nv4 | 2025-03-13 | N/A | 8.1 HIGH |
| Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them. | |||||
| CVE-2024-23584 | 2025-03-13 | N/A | 6.6 MEDIUM | ||
| The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. | |||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2025-03-11 | N/A | 4.1 MEDIUM |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | |||||
| CVE-2025-2189 | 2025-03-11 | N/A | N/A | ||
| This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. | |||||
| CVE-2025-2120 | 2025-03-10 | 1.7 LOW | 2.1 LOW | ||
| A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-48310 | 1 Sophos | 1 Connect | 2025-03-07 | N/A | 5.5 MEDIUM |
| An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | |||||
| CVE-2025-27623 | 2025-03-06 | N/A | 4.3 MEDIUM | ||
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets. | |||||
| CVE-2025-27622 | 2025-03-06 | N/A | 4.3 MEDIUM | ||
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets. | |||||
| CVE-2025-27685 | 2025-03-05 | N/A | 7.5 HIGH | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001. | |||||