ReportizFlow
Filtered by vendor
Subscriptions
Total
162 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36464 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 2.7 Low |
| When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords. | ||||
| CVE-2025-61680 | 2 Jaketcooper, Minecraft | 2 Minecraft-rcon, Minecraft | 2025-10-06 | N/A |
| Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0. | ||||
| CVE-2025-3758 | 2025-10-03 | N/A | ||
| WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-34210 | 1 Vasion | 3 Print Application, Virtual Appliance Application, Virtual Appliance Host | 2025-10-03 | N/A |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption." | ||||
| CVE-2025-53677 | 1 Jenkins | 1 Xooa | 2025-10-03 | 5.3 Medium |
| Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2025-53671 | 1 Jenkins | 1 Nouvola Divecloud | 2025-10-01 | 6.5 Medium |
| Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53674 | 1 Jenkins | 1 Sensedia Api Platform Tools | 2025-10-01 | 5.3 Medium |
| Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2025-53675 | 1 Jenkins | 1 Warrior Framework | 2025-10-01 | 6.5 Medium |
| Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2024-5960 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2025-09-24 | 9.8 Critical |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24. | ||||
| CVE-2025-43938 | 1 Dell | 1 Powerprotect Data Manager | 2025-09-11 | 5 Medium |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. | ||||
| CVE-2025-48046 | 2025-09-05 | N/A | ||
| An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint. | ||||
| CVE-2025-46809 | 1 Suse | 2 Manager, Manager Server | 2025-09-03 | 5.7 Medium |
| A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2. | ||||
| CVE-2024-45638 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-09-01 | 4.1 Medium |
| IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. | ||||
| CVE-2024-43186 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | ||||
| CVE-2024-3625 | 1 Redhat | 1 Mirror Registry | 2025-08-30 | 7.3 High |
| A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance. | ||||
| CVE-2024-3624 | 1 Redhat | 1 Mirror Registry | 2025-08-30 | 7.3 High |
| A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database. | ||||
| CVE-2024-28782 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-27 | 6.3 Medium |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | ||||
| CVE-2024-3623 | 1 Redhat | 1 Mirror Registry | 2025-08-27 | 8.1 High |
| A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database. | ||||
| CVE-2024-3622 | 1 Redhat | 1 Mirror Registry | 2025-08-27 | 8.8 High |
| A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a malicious actor to craft session cookies and as a consequence, it may lead to gaining access to the affected Quay instance. | ||||
| CVE-2022-0555 | 1 Canonical | 1 Subiquity | 2025-08-26 | 8.4 High |
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | ||||