Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41647 | 2025-06-26 | 5.5 Medium | ||
| A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. | ||||
| CVE-2024-56428 | 1 Itech-gmbh | 1 Ilabclient | 2025-06-25 | 5.5 Medium |
| The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client. | ||||
| CVE-2025-32752 | 1 Dell | 1 Thinos | 2025-06-24 | 5.7 Medium |
| Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | ||||
| CVE-2025-4737 | 1 Tecno | 1 Com.transsion.aivoiceassistant | 2025-06-24 | 6.2 Medium |
| Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage. | ||||
| CVE-2025-27622 | 1 Jenkins | 1 Jenkins | 2025-06-24 | 4.3 Medium |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets. | ||||
| CVE-2025-27623 | 1 Jenkins | 1 Jenkins | 2025-06-24 | 4.3 Medium |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets. | ||||
| CVE-2025-45001 | 1 Numan | 1 React-native-keys | 2025-06-23 | 7.5 High |
| react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools. | ||||
| CVE-2024-46340 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2025-06-20 | 9.8 Critical |
| TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. | ||||
| CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2025-06-18 | 7.5 High |
| TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | ||||
| CVE-2023-51702 | 1 Apache | 2 Airflow, Airflow Cncf Kubernetes | 2025-06-11 | 6.5 Medium |
| Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. | ||||
| CVE-2024-24488 | 1 Tendacn | 2 Cp3, Cp3 Firmware | 2025-06-05 | 5.5 Medium |
| An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | ||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-06-03 | 5.1 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
| CVE-2025-5154 | 1 Phonepe | 1 Phonepe | 2025-06-03 | 2.3 Low |
| A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | 4.1 Medium |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | ||||
| CVE-2024-28809 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 8.8 High |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials. | ||||
| CVE-2024-28810 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 6.6 Medium |
| An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. | ||||
| CVE-2024-28807 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users' passwords by accessing memory dumps of the desktop application. | ||||
| CVE-2024-36790 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | 8.8 High |
| Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. | ||||
| CVE-2025-3395 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.1 High |
| Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||
| CVE-2025-4053 | 2025-05-28 | N/A | ||
| The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks. | ||||