Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28782 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-27 | 6.3 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | ||||
| CVE-2022-0555 | 1 Canonical | 1 Subiquity | 2025-08-26 | 8.4 High |
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | ||||
| CVE-2025-33079 | 1 Ibm | 2 Cognos Controller, Controller | 2025-08-26 | 6.5 Medium |
| IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. | ||||
| CVE-2025-4286 | 1 Intelbras | 2 Incontrol, Incontrol Web | 2025-08-20 | 2.7 Low |
| A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. | ||||
| CVE-2025-2770 | 1 Bectechnologies | 1 Router Firmware | 2025-08-15 | 6.5 Medium |
| BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986. | ||||
| CVE-2023-50956 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-09 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | ||||
| CVE-2024-49351 | 1 Ibm | 2 Tivoli Workload Scheduler, Workload Scheduler | 2025-08-08 | 5.5 Medium |
| IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. | ||||
| CVE-2024-52361 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-08 | 5.7 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | ||||
| CVE-2025-52164 | 2025-07-22 | 8.2 High | ||
| Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext. | ||||
| CVE-2025-7357 | 2025-07-18 | N/A | ||
| LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs. | ||||
| CVE-2025-1709 | 2025-07-03 | 6.5 Medium | ||
| Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded). | ||||
| CVE-2024-23486 | 2 Buffalo, Buffalo Inc | 11 A2533dhp2, Wsr-2533dhp, Wsr-2533dhp2 and 8 more | 2025-06-30 | 9.8 Critical |
| Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. | ||||
| CVE-2025-6560 | 2025-06-26 | 9.8 Critical | ||
| Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended. | ||||
| CVE-2025-6561 | 2025-06-26 | 9.8 Critical | ||
| Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. | ||||
| CVE-2025-25985 | 1 Macro-video | 2 V380e6 C1, V380e6 C1 Firmware | 2025-06-25 | 2.6 Low |
| An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components. | ||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-10 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||
| CVE-2025-5893 | 2025-06-09 | 9.8 Critical | ||
| Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. | ||||
| CVE-2025-5760 | 2025-06-06 | 4.9 Medium | ||
| The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password. | ||||
| CVE-2025-2500 | 2025-05-30 | 7.4 High | ||
| A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded. | ||||
| CVE-2024-33375 | 1 Lb-link | 2 Bl-w1210m, Bl-w1210m Firmware | 2025-05-30 | 9.8 Critical |
| LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. | ||||