Total
683 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1499 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-09 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | ||||
| CVE-2024-24488 | 1 Tendacn | 2 Cp3, Cp3 Firmware | 2025-06-05 | 5.5 Medium |
| An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | ||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-06-03 | 5.1 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
| CVE-2025-5154 | 1 Phonepe | 1 Phonepe | 2025-06-03 | 2.3 Low |
| A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | 4.1 Medium |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | ||||
| CVE-2024-28809 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 8.8 High |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | ||||
| CVE-2024-28810 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 6.6 Medium |
| An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. | ||||
| CVE-2024-28807 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application. | ||||
| CVE-2024-36790 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | 8.8 High |
| Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. | ||||
| CVE-2024-47056 | 2025-05-29 | 5.1 Medium | ||
| SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations. Sensitive Information Disclosure via .env File Exposure: The .env file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL. MitigationUpdate Mautic to the latest Mautic version. By default, Mautic does not use .env files for production data. For Apache users: Ensure your web server is configured to respect .htaccess files. For Nginx users: As Nginx does not inherently support .htaccess files, you must manually add a configuration block to your Nginx server configuration to deny access to .env files. Add the following to your Nginx configuration for the Mautic site: location ~ /\.env { deny all; } After modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect. | ||||
| CVE-2025-2120 | 1 Thinkwarestore | 2 F800 Pro, F800 Pro Firmware | 2025-05-28 | 2.1 Low |
| A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3395 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.1 High |
| Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||
| CVE-2025-4053 | 2025-05-28 | N/A | ||
| The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks. | ||||
| CVE-2022-41248 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | 5.3 Medium |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2021-38150 | 1 Sap | 1 Business Client | 2025-05-27 | 6.5 Medium |
| When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. | ||||
| CVE-2015-8314 | 1 Heartcombo | 1 Devise | 2025-05-27 | 7.5 High |
| The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | ||||
| CVE-2025-46634 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 8.2 High |
| Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate. | ||||
| CVE-2025-46633 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 8.2 High |
| Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43. | ||||
| CVE-2023-50777 | 1 Jenkins | 1 Paaslane Estimate | 2025-05-22 | 4.3 Medium |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2022-32217 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 5.3 Medium |
| A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | ||||