Total
1106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28971 | 1 Dell | 1 Openmanage Enterprise Update Manager | 2025-01-27 | N/A | 3.5 LOW |
| Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2022-47880 | 1 Jedox | 2 Jedox, Jedox Cloud | 2025-01-27 | N/A | 5.3 MEDIUM |
| An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | |||||
| CVE-2025-21111 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
| Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-21102 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | N/A | 7.5 HIGH |
| Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2023-32988 | 1 Jenkins | 1 Azure Vm Agents | 2025-01-23 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2024-23306 | 1 F5 | 1 Big-ip Next Cloud-native Network Functions | 2025-01-23 | N/A | 4.4 MEDIUM |
| A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2023-4538 | 1 Comarch | 1 Erp Xl | 2025-01-23 | N/A | 6.2 MEDIUM |
| The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | |||||
| CVE-2023-33000 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-01-23 | N/A | 7.5 HIGH |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-0619 | 2025-01-23 | N/A | N/A | ||
| Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords | |||||
| CVE-2017-9248 | 2 Progress, Telerik | 2 Sitefinity, Ui For Asp.net Ajax | 2025-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | |||||
| CVE-2023-33263 | 1 Wftpd Project | 1 Wftpd | 2025-01-16 | N/A | 7.5 HIGH |
| In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. | |||||
| CVE-2025-23040 | 2025-01-15 | N/A | 6.6 MEDIUM | ||
| GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke `git clone` and when Git encounters a remote which requires authentication it will request the credentials for that remote host from GitHub Desktop using the git-credential protocol. Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration. GitHub username and OAuth token, or credentials for other Git remote hosts stored in GitHub Desktop could be improperly transmitted to an unrelated host. Users should update to GitHub Desktop 3.4.12 or greater which fixes this vulnerability. Users who suspect they may be affected should revoke any relevant credentials. | |||||
| CVE-2024-22345 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | N/A | 6.2 MEDIUM |
| IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. | |||||
| CVE-2024-46480 | 2025-01-13 | N/A | 8.4 HIGH | ||
| An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. | |||||
| CVE-2023-25740 | 1 Mozilla | 1 Firefox | 2025-01-09 | N/A | 8.8 HIGH |
| After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110. | |||||
| CVE-2024-29992 | 1 Microsoft | 1 Azure Identity Library For .net | 2025-01-09 | N/A | 5.5 MEDIUM |
| Azure Identity Library for .NET Information Disclosure Vulnerability | |||||
| CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2025-01-08 | N/A | 4.6 MEDIUM |
| The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | |||||
| CVE-2024-31899 | 1 Ibm | 1 Cognos Command Center | 2025-01-07 | N/A | 4.3 MEDIUM |
| IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. | |||||
| CVE-2024-49817 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | N/A | 4.4 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | |||||
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | |||||