ReportizFlow
Filtered by vendor
Subscriptions
Total
1365 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11703 | 1 Mozilla | 1 Firefox | 2025-04-05 | 5.7 Medium |
| On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. | ||||
| CVE-2022-4693 | 1 Pickplugins | 1 User Verification | 2025-04-02 | 9.8 Critical |
| The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website. | ||||
| CVE-2023-6259 | 1 Brivo | 4 Acs100, Acs100 Firmware, Acs300 and 1 more | 2025-04-01 | 7.1 High |
| Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3. | ||||
| CVE-2021-39342 | 1 Credova | 1 Financial | 2025-03-31 | 5.3 Medium |
| The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | ||||
| CVE-2022-46967 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2025-03-31 | 9.8 Critical |
| An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. | ||||
| CVE-2023-35789 | 2 Rabbitmq-c Project, Redhat | 2 Rabbitmq-c, Enterprise Linux | 2025-03-30 | 5.5 Medium |
| An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. | ||||
| CVE-2025-2277 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 7.5 High |
| Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking. | ||||
| CVE-2024-6492 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 7.4 High |
| Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. | ||||
| CVE-2022-33954 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2025-03-27 | 4.6 Medium |
| IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. | ||||
| CVE-2022-43460 | 1 Fujifilm | 1 Driver Distributor | 2025-03-21 | 7.5 High |
| Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. | ||||
| CVE-2023-24619 | 1 Redpanda | 1 Redpanda | 2025-03-21 | 5.5 Medium |
| Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. | ||||
| CVE-2022-41564 | 1 Tibco | 2 Hawk, Operational Intelligence Hawk Redtail | 2025-03-21 | 6.8 Medium |
| The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0. | ||||
| CVE-2023-25191 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | 7.5 High |
| AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. | ||||
| CVE-2023-23466 | 1 Mediacp | 1 Media Control Panel | 2025-03-19 | 6.5 Medium |
| Media CP Media Control Panel latest version. Insufficiently protected credential change. | ||||
| CVE-2023-23463 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | 5.3 Medium |
| Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | ||||
| CVE-2022-43969 | 1 Ricoh | 154 Im 2500, Im 2500 Firmware, Im 2702 and 151 more | 2025-03-19 | 9.1 Critical |
| Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. | ||||
| CVE-2022-38714 | 1 Ibm | 2 Cloud Pak For Data, Datastage | 2025-03-18 | 4.9 Medium |
| IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. | ||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2025-03-18 | 7.5 High |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | ||||
| CVE-2022-45599 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2025-03-17 | 9.8 Critical |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password. | ||||
| CVE-2024-47805 | 1 Jenkins | 1 Credentials | 2025-03-14 | 7.5 High |
| Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. | ||||