Total
625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47824 | 2025-06-27 | N/A | 2.0 LOW | ||
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code. | |||||
| CVE-2025-47820 | 2025-06-27 | N/A | 2.0 LOW | ||
| Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. | |||||
| CVE-2025-6748 | 2025-06-27 | 1.7 LOW | 2.1 LOW | ||
| A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48463 | 2025-06-26 | N/A | 3.1 LOW | ||
| Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering. | |||||
| CVE-2025-41647 | 2025-06-26 | N/A | 5.5 MEDIUM | ||
| A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. | |||||
| CVE-2024-56428 | 1 Itech-gmbh | 1 Ilabclient | 2025-06-25 | N/A | 5.5 MEDIUM |
| The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client. | |||||
| CVE-2025-32752 | 1 Dell | 1 Thinos | 2025-06-24 | N/A | 5.7 MEDIUM |
| Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | |||||
| CVE-2025-27622 | 1 Jenkins | 1 Jenkins | 2025-06-24 | N/A | 4.3 MEDIUM |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets. | |||||
| CVE-2025-27623 | 1 Jenkins | 1 Jenkins | 2025-06-24 | N/A | 4.3 MEDIUM |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets. | |||||
| CVE-2025-45001 | 1 Numan | 1 React-native-keys | 2025-06-23 | N/A | 7.5 HIGH |
| react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools. | |||||
| CVE-2024-46340 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. | |||||
| CVE-2025-44614 | 1 Tinxy | 2 Wifi Lock Controller, Wifi Lock Controller Firmware | 2025-06-19 | N/A | 7.5 HIGH |
| Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext. | |||||
| CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2025-06-18 | N/A | 7.5 HIGH |
| TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | |||||
| CVE-2023-51702 | 1 Apache | 2 Airflow, Airflow Cncf Kubernetes | 2025-06-11 | N/A | 6.5 MEDIUM |
| Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. | |||||
| CVE-2025-1499 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | |||||
| CVE-2024-24488 | 1 Tendacn | 2 Cp3, Cp3 Firmware | 2025-06-05 | N/A | 5.5 MEDIUM |
| An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | |||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-06-03 | N/A | 5.1 MEDIUM |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | |||||
| CVE-2025-5154 | 1 Phonepe | 1 Phonepe | 2025-06-03 | 1.4 LOW | 2.3 LOW |
| A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | N/A | 4.1 MEDIUM |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | |||||
| CVE-2024-28809 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 8.8 HIGH |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | |||||