Total
1144 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-27648 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003. | |||||
CVE-2025-27650 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. | |||||
CVE-2023-6259 | 1 Brivo | 4 Acs100, Acs100 Firmware, Acs300 and 1 more | 2025-04-01 | N/A | 7.1 HIGH |
Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3. | |||||
CVE-2022-46967 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2025-03-31 | N/A | 9.8 CRITICAL |
An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. | |||||
CVE-2023-35789 | 1 Rabbitmq-c Project | 1 Rabbitmq-c | 2025-03-30 | N/A | 5.5 MEDIUM |
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. | |||||
CVE-2025-2908 | 2025-03-28 | N/A | N/A | ||
The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files. | |||||
CVE-2025-2277 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.5 HIGH |
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | |||||
CVE-2024-6492 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 7.4 HIGH |
Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. | |||||
CVE-2024-29071 | 2025-03-28 | N/A | 8.8 HIGH | ||
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings. | |||||
CVE-2022-33954 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2025-03-27 | N/A | 4.6 MEDIUM |
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. | |||||
CVE-2015-5955 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 5.0 MEDIUM | N/A |
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | |||||
CVE-2022-43460 | 1 Fujifilm | 1 Driver Distributor | 2025-03-21 | N/A | 7.5 HIGH |
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. | |||||
CVE-2023-24619 | 1 Redpanda | 1 Redpanda | 2025-03-21 | N/A | 5.5 MEDIUM |
Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. | |||||
CVE-2025-2311 | 2025-03-21 | N/A | 9.0 CRITICAL | ||
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411. | |||||
CVE-2024-54471 | 1 Apple | 1 Macos | 2025-03-20 | N/A | 5.5 MEDIUM |
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials. | |||||
CVE-2022-41564 | 1 Tibco | 2 Hawk, Operational Intelligence Hawk Redtail | 2025-03-20 | N/A | 6.8 MEDIUM |
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0. | |||||
CVE-2024-9418 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover. | |||||
CVE-2025-25650 | 2025-03-19 | N/A | 9.1 CRITICAL | ||
An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication. | |||||
CVE-2023-25191 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | N/A | 7.5 HIGH |
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. | |||||
CVE-2023-23466 | 1 Mediacp | 1 Media Control Panel | 2025-03-19 | N/A | 6.5 MEDIUM |
Media CP Media Control Panel latest version. Insufficiently protected credential change. |