Total
735 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53672 | 1 Jenkins | 1 Kryptowire | 2025-11-04 | 6.5 Medium |
| Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53670 | 1 Jenkins | 1 Nouvola Divecloud | 2025-11-04 | 6.5 Medium |
| Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2023-46384 | 1 Loytec | 1 L-inx Configurator | 2025-11-04 | 7.5 High |
| LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device. | ||||
| CVE-2024-29146 | 2025-11-04 | 5.9 Medium | ||
| User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2023-49113 | 1 Kiuwan | 1 Local Analyzer | 2025-11-04 | 7.8 High |
| The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file "lib.engine/insight/optimyth-insight.jar" contains the file "InsightServicesConfig.properties", which has the configuration tokens "insight.github.user" as well as "insight.github.password" prefilled with credentials. At least the specified username corresponds to a valid GitHub account. The JAR file "lib.engine/insight/optimyth-insight.jar" also contains the file "es/als/security/Encryptor.properties", in which the key used for encrypting the results of any performed scan. This issue affects Kiuwan SAST: <master.1808.p685.q13371 | ||||
| CVE-2020-11918 | 1 Svakom | 2 Svakom Siime Eye, Svakom Siime Eye Firmware | 2025-11-04 | 5.4 Medium |
| An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. | ||||
| CVE-2024-33892 | 1 Hms-networks | 8 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 5 more | 2025-11-04 | 5.3 Medium |
| Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3 | ||||
| CVE-2024-38877 | 1 Siemens | 10 Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System and 7 more | 2025-11-03 | 8.2 High |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network. | ||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-11-03 | 5.1 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
| CVE-2023-22332 | 1 Pgpool | 1 Pgpool-ii | 2025-11-03 | 6.5 Medium |
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. | ||||
| CVE-2024-31486 | 2025-11-03 | 5.3 Medium | ||
| A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss. | ||||
| CVE-2025-27685 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 7.5 High |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001. | ||||
| CVE-2025-26495 | 1 Tableau | 1 Tableau Server | 2025-10-29 | 7.5 High |
| Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. | ||||
| CVE-2025-21060 | 1 Samsung | 1 Smart Switch | 2025-10-28 | 5.5 Medium |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21061 | 1 Samsung | 1 Smart Switch | 2025-10-28 | 7.1 High |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-48428 | 1 Gallagher | 1 Command Centre | 2025-10-27 | 6.7 Medium |
| Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | ||||
| CVE-2025-47820 | 1 Flocksafety | 1 Gunshot Detection Firmware | 2025-10-24 | 2 Low |
| Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. | ||||
| CVE-2025-59409 | 1 Flocksafety | 3 Falcon, License Plate Reader Firmware, Sparrow License Plate Reader | 2025-10-24 | 7.5 High |
| Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware. | ||||
| CVE-2025-47824 | 1 Flocksafety | 1 License Plate Reader Firmware | 2025-10-23 | 2 Low |
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code. | ||||
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-10-22 | 5.7 Medium |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||