Total
1251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25495 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2025-01-30 | 4.9 Medium |
| A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | ||||
| CVE-2023-24506 | 1 Milesight | 2 Ncr\/camera, Ncr\/camera Firmware | 2025-01-29 | 7.5 High |
| Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. | ||||
| CVE-2023-28764 | 1 Sap | 1 Businessobjects | 2025-01-28 | 3.7 Low |
| SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | ||||
| CVE-2023-31136 | 1 Vapor | 1 Postgresnio | 2025-01-28 | 3.7 Low |
| PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users. | ||||
| CVE-2024-28971 | 1 Dell | 1 Openmanage Enterprise Update Manager | 2025-01-27 | 3.5 Low |
| Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
| CVE-2022-41614 | 1 Intel | 1 On Event Series | 2025-01-27 | 5.5 Medium |
| Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-40685 | 1 Intel | 1 Data Center Manager | 2025-01-27 | 6.5 Medium |
| Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2022-47880 | 1 Jedox | 2 Jedox, Jedox Cloud | 2025-01-27 | 6.8 Medium |
| An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | ||||
| CVE-2025-21111 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | 7.5 High |
| Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2025-21102 | 1 Dell | 84 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 81 more | 2025-01-24 | 7.5 High |
| Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2023-32988 | 1 Jenkins | 1 Azure Vm Agents | 2025-01-23 | 4.3 Medium |
| A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-4538 | 1 Comarch | 1 Erp Xl | 2025-01-23 | 6.2 Medium |
| The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | ||||
| CVE-2023-33000 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-01-23 | 7.5 High |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2023-2632 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2023-2633 | 1 Jenkins | 1 Code Dx | 2025-01-22 | 4.3 Medium |
| Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2023-1763 | 2 Apple, Canon | 3 Mac Os X, Macos, Ij Network Tool | 2025-01-22 | 6.5 Medium |
| Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | ||||
| CVE-2023-33264 | 1 Hazelcast | 1 Hazelcast | 2025-01-21 | 4.3 Medium |
| In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | ||||
| CVE-2022-2967 | 1 Prosysopc | 2 Ua Modbus Server, Ua Simulation Server | 2025-01-16 | 6.5 Medium |
| Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data. | ||||
| CVE-2022-38469 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
| An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | ||||
| CVE-2023-1137 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 6.5 Medium |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | ||||