Total
660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2025-04-03 | 7.5 High |
| The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | ||||
| CVE-2023-24454 | 1 Jenkins | 1 Testquality Updater | 2025-04-02 | 5.5 Medium |
| Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2023-24450 | 1 Jenkins | 1 View-cloner | 2025-04-02 | 6.5 Medium |
| Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2023-24442 | 1 Jenkins | 1 Github Pull Request Coverage Status | 2025-04-02 | 5.5 Medium |
| Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2023-24439 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | 5.5 Medium |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-2922 | 2025-04-01 | 2 Low | ||
| A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0418 | 2025-04-01 | N/A | ||
| Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords. | ||||
| CVE-2025-25758 | 1 Kukufm | 1 Kukufm | 2025-04-01 | 7.5 High |
| An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml | ||||
| CVE-2024-28065 | 2025-03-28 | 5.9 Medium | ||
| In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash. | ||||
| CVE-2025-2909 | 2025-03-28 | N/A | ||
| The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information. | ||||
| CVE-2022-48073 | 1 Phicomm | 2 K2, K2 Firmware | 2025-03-28 | 7.5 High |
| Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext. | ||||
| CVE-2022-48071 | 1 Phicomm | 2 K2, K2 Firmware | 2025-03-28 | 7.5 High |
| Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | ||||
| CVE-2022-45897 | 1 Xerox | 2 Workcentre 3550, Workcentre 3550 Firmware | 2025-03-28 | 6.5 Medium |
| On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. | ||||
| CVE-2023-22332 | 1 Pgpool | 1 Pgpool-ii | 2025-03-28 | 6.5 Medium |
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. | ||||
| CVE-2024-21993 | 1 Netapp | 1 Snapcenter | 2025-03-27 | 5.7 Medium |
| SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials. | ||||
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 6.1 Medium |
| Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2020-36248 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 3.9 Low |
| The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | ||||
| CVE-2022-34388 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-03-26 | 7.1 High |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. | ||||
| CVE-2022-43757 | 1 Suse | 1 Rancher | 2025-03-25 | 9.9 Critical |
| A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | ||||
| CVE-2023-0690 | 1 Hashicorp | 1 Boundary | 2025-03-24 | 5 Medium |
| HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0. | ||||