Total: 741 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58277 | 1 R Radio Network | 1 Radio Network Fm Transmitter | 2025-12-05 | N/A |
| R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access. | ||||
| CVE-2025-59792 | 1 Apache | 1 Kvrocks | 2025-12-04 | 5.3 Medium |
| A vulnerability in the MONITOR command of Apache Kvrocks reveals plaintext credentials. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue. | ||||
| CVE-2025-59701 | 1 Entrust | 3 Nshield 5c, Nshield Connect Xc, Nshield Hsmi | 2025-12-04 | 4.1 Medium |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted). | ||||
| CVE-2025-65320 | 1 Abacre | 1 Restaurant Point Of Sale | 2025-12-04 | 7.5 High |
| Abacre Restaurant Point of Sale (POS) versions up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt. | ||||
| CVE-2025-65278 | 1 Grocerymart Project | 1 Grocerymart | 2025-12-01 | 7.5 High |
| An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords. | ||||
| CVE-2025-3784 | 1 Mitsubishielectric | 1 Gx Works2 | 2025-12-01 | 5.5 Medium |
| Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information. | ||||
| CVE-2025-63729 | 1 Syrotech | 1 Sy-gpon-1110-wdont | 2025-11-27 | 9 Critical |
| An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format from the etc folder in the firmware. | ||||
| CVE-2025-32353 | | | 2025-11-24 | 8.2 High |
| Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file. | ||||
| CVE-2025-25613 | 1 Fs | 1 S3150-8t2f | 2025-11-24 | 7.5 High |
| FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server. | ||||
| CVE-2025-63208 | 1 Bridgetech | 1 Vb288 | 2025-11-24 | 7.5 High |
| An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. | ||||
| CVE-2025-55334 | 1 Microsoft | 10 Windows, Windows 11, Windows 11 22h2 and 7 more | 2025-11-22 | 6.2 Medium |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-49728 | 1 Microsoft | 1 Pc Manager | 2025-11-21 | 4 Medium |
| Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-7738 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2025-11-20 | 4.4 Medium |
| A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse. | ||||
| CVE-2024-7259 | 2 Ovirt, Redhat | 3 Ovirt-engine, Rhev Hypervisor, Virtualization | 2025-11-20 | 4.4 Medium |
| A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | ||||
| CVE-2023-4066 | 1 Redhat | 6 Amq Broker, Enterprise Linux, Jboss A-mq and 3 more | 2025-11-20 | 5.5 Medium |
| A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | ||||
| CVE-2024-4840 | 1 Redhat | 1 Openstack | 2025-11-20 | 5.5 Medium |
| A flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs. | ||||
| CVE-2024-4235 | 1 Netgear | 2 Dg834gv5, Dg834gv5 Firmware | 2025-11-20 | 2.7 Low |
| A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5384 | 2 Infinispan, Redhat | 3 Infinispan, Data Grid, Jboss Data Grid | 2025-11-20 | 7.2 High |
| A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | ||||
| CVE-2023-3950 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 5.5 Medium |
| An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it. | ||||
| CVE-2025-54342 | 1 Desktopalert | 2 Pingalert, Pingalert Application Server | 2025-11-19 | 3.3 Low |
| A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible Policies. | ||||