Total
1267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29447 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2025-06-17 | 5.7 Medium |
| An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | ||||
| CVE-2024-47081 | 2025-06-12 | 5.3 Medium | ||
| Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. | ||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-10 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||
| CVE-2023-36266 | 1 Keepersecurity | 2 Keeper, Keeperfill | 2025-06-09 | 5.5 Medium |
| An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information). | ||||
| CVE-2025-26628 | 2025-06-04 | 7.3 High | ||
| Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally. | ||||
| CVE-2021-43978 | 1 Allegro | 1 Allegro | 2025-05-30 | 7.1 High |
| Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. | ||||
| CVE-2019-12046 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2025-05-28 | N/A |
| LemonLDAP::NG -2.0.3 has Incorrect Access Control. | ||||
| CVE-2022-41255 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | 6.5 Medium |
| Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-41247 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | 4.3 Medium |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2018-16153 | 1 Apereo | 1 Opencast | 2025-05-27 | 7.5 High |
| An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | ||||
| CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 4.9 Medium |
| Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. | ||||
| CVE-2018-10622 | 1 Medtronic | 4 Mycarelink 24950 Patient Monitor, Mycarelink 24950 Patient Monitor Firmware, Mycarelink 24952 Patient Monitor and 1 more | 2025-05-22 | 4.9 Medium |
| Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. | ||||
| CVE-2022-37193 | 1 Chipolo | 2 Chipolo, Chipolo One | 2025-05-22 | 7.4 High |
| Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. | ||||
| CVE-2025-3078 | 2025-05-21 | 8.7 High | ||
| A passback vulnerability which relates to production printers and office multifunction printers. | ||||
| CVE-2025-3079 | 2025-05-21 | 8.7 High | ||
| A passback vulnerability which relates to office/small office multifunction printers and laser printers. | ||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2025-05-20 | 6.4 Medium |
| Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | ||||
| CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2025-05-20 | 7.5 High |
| IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | ||||
| CVE-2025-27192 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-05-20 | 2.7 Low |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-26492 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | 7.7 High |
| In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources | ||||
| CVE-2024-42172 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 5.3 Medium |
| HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications. | ||||