Total
709 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23942 | 2025-08-20 | 7.1 High | ||
| A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS. | ||||
| CVE-2025-2770 | 1 Bectechnologies | 1 Router Firmware | 2025-08-15 | 6.5 Medium |
| BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a recoverable format. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25986. | ||||
| CVE-2025-2181 | 1 Paloaltonetworks | 1 Checkov | 2025-08-14 | N/A |
| A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. | ||||
| CVE-2025-2182 | 1 Palo Alto Networks | 1 Pan-os | 2025-08-13 | N/A |
| A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. | ||||
| CVE-2025-40752 | 1 Siemens | 2 Q100, Q200 | 2025-08-13 | 6.2 Medium |
| A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes. | ||||
| CVE-2025-40753 | 1 Siemens | 2 Q100, Q200 | 2025-08-13 | 6.2 Medium |
| A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes. | ||||
| CVE-2025-55280 | 2025-08-13 | N/A | ||
| This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device. | ||||
| CVE-2025-54464 | 2025-08-13 | N/A | ||
| This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device. | ||||
| CVE-2019-4687 | 1 Ibm | 1 Security Guardium Data Encryption | 2025-08-12 | 5.3 Medium |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823. | ||||
| CVE-2025-51055 | 1 Vedo | 1 Vedo Suite | 2025-08-12 | 8.6 High |
| Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. | ||||
| CVE-2025-44649 | 1 Trendnet | 2 Tew-wlc100p, Tew-wlc100p Firmware | 2025-08-07 | 7.5 High |
| In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks flexibility in negotiating security parameters. | ||||
| CVE-2025-50777 | 1 Aziot | 2 2mp Full Hd Smart Wi-fi Cctv Home Security Camera, 2mp Full Hd Smart Wi-fi Cctv Home Security Camera Firmware | 2025-08-06 | 7.8 High |
| The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems. | ||||
| CVE-2025-8528 | 1 Xboot Project | 1 Xboot | 2025-08-05 | 3.7 Low |
| A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7738 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2025-08-04 | 4.4 Medium |
| A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse. | ||||
| CVE-2025-54422 | 2 Sandboxie, Sandboxie-plus | 2 Sandboxie, Sandboxie | 2025-08-04 | 5.5 Medium |
| Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2. | ||||
| CVE-2025-30124 | 1 Marbella | 1 Kr8s Dashcam | 2025-07-30 | 9.8 Critical |
| An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password. | ||||
| CVE-2024-7259 | 2 Ovirt, Redhat | 3 Ovirt-engine, Rhev Hypervisor, Virtualization | 2025-07-30 | 4.4 Medium |
| A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | ||||
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-07-30 | 5.7 Medium |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2025-54538 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 5.5 Medium |
| In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command | ||||
| CVE-2025-54537 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 5.5 Medium |
| In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots | ||||