Total
708 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23944 | 1 Nextcloud | 1 Mail | 2025-03-10 | 2 Low |
| Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue. | ||||
| CVE-2022-48310 | 1 Sophos | 1 Connect | 2025-03-07 | 5.5 Medium |
| An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. | ||||
| CVE-2025-26495 | 2025-03-04 | 7.5 High | ||
| Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. | ||||
| CVE-2025-22896 | 1 Myscada | 1 Mypro | 2025-03-04 | 8.6 High |
| mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. | ||||
| CVE-2023-25596 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 4.5 Medium |
| A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | ||||
| CVE-2024-55928 | 2025-02-24 | 6.5 Medium | ||
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption | ||||
| CVE-2024-49800 | 1 Ibm | 1 Applinx | 2025-02-22 | 4.3 Medium |
| IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | ||||
| CVE-2024-13843 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | 6 Medium |
| Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | ||||
| CVE-2023-25263 | 1 Stimulsoft | 1 Designer | 2025-02-19 | 5.5 Medium |
| In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems. | ||||
| CVE-2024-10404 | 2025-02-14 | 5.5 Medium | ||
| CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952 | ||||
| CVE-2024-36497 | 1 Faronics | 1 Winselect | 2025-02-13 | 9.1 Critical |
| The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely. | ||||
| CVE-2024-31486 | 2025-02-13 | 5.3 Medium | ||
| A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss. | ||||
| CVE-2023-50776 | 1 Jenkins | 1 Paaslane Estimate | 2025-02-13 | 4.3 Medium |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2023-50773 | 1 Jenkins | 1 Dingding Json Pusher | 2025-02-13 | 4.3 Medium |
| Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2023-50772 | 1 Jenkins | 1 Dingding Json Pusher | 2025-02-13 | 4.3 Medium |
| Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2023-3489 | 1 Broadcom | 1 Fabric Operating System | 2025-02-13 | 8.6 High |
| The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. | ||||
| CVE-2023-31423 | 1 Broadcom | 1 Brocade Sannav | 2025-02-13 | 5.7 Medium |
| Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave" outputs. | ||||
| CVE-2023-46653 | 1 Jenkins | 1 Lambdatest-automation | 2025-02-13 | 6.5 Medium |
| Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | ||||
| CVE-2023-41335 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2025-02-13 | 3.7 Low |
| Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2020-25678 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2025-02-13 | 4.4 Medium |
| A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. | ||||