Total
651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 6.1 Medium |
| Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2020-36248 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 3.9 Low |
| The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | ||||
| CVE-2022-34388 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-03-26 | 7.1 High |
| Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. | ||||
| CVE-2022-43757 | 1 Suse | 1 Rancher | 2025-03-25 | 9.9 Critical |
| A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | ||||
| CVE-2023-0690 | 1 Hashicorp | 1 Boundary | 2025-03-24 | 5 Medium |
| HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0. | ||||
| CVE-2022-24410 | 1 Dell | 310 Alienware 13 R2, Alienware 13 R2 Firmware, Alienware 13 R3 and 307 more | 2025-03-24 | 6.8 Medium |
| Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. | ||||
| CVE-2025-25758 | 2025-03-24 | 7.5 High | ||
| An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml | ||||
| CVE-2024-20292 | 1 Cisco | 1 Duo Authentication For Windows Logon And Rdp | 2025-03-24 | 4.4 Medium |
| A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text. | ||||
| CVE-2024-12604 | 1 Tapandsign | 1 Tap\&sign | 2025-03-19 | 7.3 High |
| Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025. | ||||
| CVE-2019-16638 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-03-18 | 7.5 High |
| An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1. | ||||
| CVE-2022-45154 | 2 Opensuse, Suse | 2 Supportutils, Linux Enterprise Server | 2025-03-18 | 4.4 Medium |
| A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. | ||||
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2025-03-14 | 5.7 Medium |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2025-03-14 | 6.5 Medium |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | ||||
| CVE-2024-25024 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-03-13 | 5.5 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430. | ||||
| CVE-2024-41716 | 1 Idec | 2 Windldr, Windo\/i-nv4 | 2025-03-13 | 8.1 High |
| Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them. | ||||
| CVE-2024-23584 | 1 Hcltech | 1 Bigfix Enterprise Suite Asset Discovery | 2025-03-13 | 6.6 Medium |
| The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. | ||||
| CVE-2023-24964 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-12 | 6.2 Medium |
| IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463. | ||||
| CVE-2022-41734 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-03-12 | 5.3 Medium |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. | ||||
| CVE-2022-34351 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-03-12 | 5.9 Medium |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. | ||||
| CVE-2022-31405 | 1 Mv Idigital Clinic Enterprise Project | 1 Mv Idigital Clinic Enterprise | 2025-03-11 | 6.5 Medium |
| MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. | ||||