Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32151 | 2025-11-04 | 5.9 Medium | ||
| User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2023-31001 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | 5.1 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. | ||||
| CVE-2025-44958 | 2 Commscope, Ruckus | 2 Ruckus Network Director, Network Director | 2025-11-03 | 5.3 Medium |
| RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. | ||||
| CVE-2025-35054 | 1 Newforma | 2 Project Center, Project Center Server | 2025-10-22 | 5.3 Medium |
| Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources. | ||||
| CVE-2025-40774 | 1 Siemens | 1 Sipass Integrated | 2025-10-20 | 4.4 Medium |
| A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise. | ||||
| CVE-2025-8904 | 1 Amazon | 1 Emr | 2025-10-14 | 8.5 High |
| Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below. | ||||
| CVE-2024-45744 | 1 Topquadrant | 1 Topbraid Edg | 2025-10-02 | 3 Low |
| TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets. | ||||
| CVE-2025-57789 | 1 Commvault | 2 Commcell, Commvault | 2025-09-10 | 5.4 Medium |
| During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. | ||||
| CVE-2025-0280 | 1 Hcltech | 1 Compass | 2025-09-04 | 7.5 High |
| A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. | ||||
| CVE-2025-58049 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2025-09-02 | 5.8 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1. | ||||
| CVE-2024-32042 | 1 Cyberpower | 2 Powerpanel, Powerpanel Business | 2025-07-30 | 4.9 Medium |
| The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. | ||||
| CVE-2024-32122 | 1 Fortinet | 1 Fortios | 2025-07-18 | 2.1 Low |
| A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server. | ||||
| CVE-2025-6995 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 8.4 High |
| Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. | ||||
| CVE-2025-6996 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 8.4 High |
| Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. | ||||
| CVE-2024-51552 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-13 | 6 Medium |
| Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-1480 | 1 Unitronics | 5 Vision120, Vision230, Vision280 and 2 more | 2025-07-13 | 7.5 High |
| Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication. | ||||
| CVE-2025-27459 | 2025-07-03 | 4.4 Medium | ||
| The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered. | ||||
| CVE-2025-25983 | 1 Macro-video | 1 V380 Pro | 2025-06-25 | 3.4 Low |
| An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component. | ||||
| CVE-2023-38738 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-06-16 | 6.8 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | ||||
| CVE-2018-5446 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 4.9 Medium |
| Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. | ||||