Total
1210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32988 | 1 Jenkins | 1 Azure Vm Agents | 2025-01-23 | 4.3 Medium |
| A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2024-23306 | 1 F5 | 1 Big-ip Next Cloud-native Network Functions | 2025-01-23 | 4.4 Medium |
| A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2023-4538 | 1 Comarch | 1 Erp Xl | 2025-01-23 | 6.2 Medium |
| The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||||
| CVE-2023-33000 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-01-23 | 7.5 High |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2023-2632 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2023-2633 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2023-1763 | 2 Apple, Canon | 3 Mac Os X, Macos, Ij Network Tool | 2025-01-22 | 6.5 Medium |
| Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | ||||
| CVE-2023-33264 | 1 Hazelcast | 1 Hazelcast | 2025-01-21 | 4.3 Medium |
| In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | ||||
| CVE-2022-2967 | 1 Prosysopc | 2 Ua Modbus Server, Ua Simulation Server | 2025-01-16 | 6.5 Medium |
| Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data. | ||||
| CVE-2022-38469 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
| An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | ||||
| CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 6.5 Medium |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | ||||
| CVE-2023-1518 | 1 Cpplusworld | 1 Kvms Pro | 2025-01-16 | 7.8 High |
| CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected. | ||||
| CVE-2023-33263 | 1 Wftpd Project | 1 Wftpd | 2025-01-16 | 7.5 High |
| In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. | ||||
| CVE-2023-2881 | 1 Pimcore | 1 Customer-data-framework | 2025-01-16 | 4.9 Medium |
| Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | ||||
| CVE-2025-23040 | 2025-01-15 | 6.6 Medium | ||
| GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke `git clone` and when Git encounters a remote which requires authentication it will request the credentials for that remote host from GitHub Desktop using the git-credential protocol. Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration. GitHub username and OAuth token, or credentials for other Git remote hosts stored in GitHub Desktop could be improperly transmitted to an unrelated host. Users should update to GitHub Desktop 3.4.12 or greater which fixes this vulnerability. Users who suspect they may be affected should revoke any relevant credentials. | ||||
| CVE-2024-22345 | 1 Ibm | 1 Txseries For Multiplatform | 2025-01-14 | 6.2 Medium |
| IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. | ||||
| CVE-2023-32687 | 1 Tgstation13 | 1 Tgstation-server | 2025-01-13 | 7.7 High |
| tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety. | ||||
| CVE-2024-46480 | 2025-01-13 | 8.4 High | ||
| An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. | ||||
| CVE-2023-31187 | 1 Avaya | 1 Ix Workforce Engagement | 2025-01-10 | 6.5 Medium |
| Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials | ||||
| CVE-2023-25740 | 1 Mozilla | 1 Firefox | 2025-01-09 | 8.8 High |
| After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110. | ||||