Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11193 | 2025-11-03 | 5.5 Medium | ||
| A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. | ||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-11-03 | 5.1 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
| CVE-2024-36464 | 1 Zabbix | 1 Zabbix | 2025-11-03 | 2.7 Low |
| When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords. | ||||
| CVE-2024-36460 | 1 Zabbix | 1 Zabbix | 2025-11-03 | 8.1 High |
| The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | ||||
| CVE-2025-27656 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011. | ||||
| CVE-2025-36002 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-10-25 | 5.5 Medium |
| IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user. | ||||
| CVE-2025-43938 | 1 Dell | 1 Powerprotect Data Manager | 2025-10-20 | 5 Medium |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. | ||||
| CVE-2024-9418 | 1 Superagi | 1 Superagi | 2025-10-15 | 6.5 Medium |
| In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover. | ||||
| CVE-2025-45702 | 1 Softperfect | 1 Connection Quality Monitor | 2025-10-10 | 6.5 Medium |
| SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext. | ||||
| CVE-2024-39459 | 1 Jenkins | 1 Plain Credentials | 2025-10-10 | 4.3 Medium |
| In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials). | ||||
| CVE-2025-34210 | 1 Vasion | 3 Print Application, Virtual Appliance Application, Virtual Appliance Host | 2025-10-09 | 5.5 Medium |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption." | ||||
| CVE-2025-61680 | 2 Jaketcooper, Minecraft | 2 Minecraft-rcon, Minecraft | 2025-10-06 | N/A |
| Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0. | ||||
| CVE-2025-3758 | 2025-10-03 | N/A | ||
| WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-53677 | 1 Jenkins | 1 Xooa | 2025-10-03 | 5.3 Medium |
| Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2025-53671 | 1 Jenkins | 1 Nouvola Divecloud | 2025-10-01 | 6.5 Medium |
| Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53674 | 1 Jenkins | 1 Sensedia Api Platform Tools | 2025-10-01 | 5.3 Medium |
| Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2025-53675 | 1 Jenkins | 1 Warrior Framework | 2025-10-01 | 6.5 Medium |
| Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2024-5960 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2025-09-24 | 9.8 Critical |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24. | ||||
| CVE-2025-48046 | 2025-09-05 | N/A | ||
| An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint. | ||||
| CVE-2025-46809 | 1 Suse | 2 Manager, Manager Server | 2025-09-03 | 5.7 Medium |
| A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2. | ||||