ReportizFlow
Filtered by vendor
Subscriptions
Total
1364 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47588 | 2026-04-15 | 4.7 Medium | ||
| In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. | ||||
| CVE-2024-26330 | 2026-04-15 | 6.5 Medium | ||
| An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it. | ||||
| CVE-2024-28325 | 1 Asus | 1 Rt-n12\+ B1 | 2026-04-15 | 6.1 Medium |
| Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | ||||
| CVE-2023-48010 | 2026-04-15 | 9.8 Critical | ||
| STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | ||||
| CVE-2025-2908 | 2026-04-15 | N/A | ||
| The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files. | ||||
| CVE-2025-58366 | 2026-04-15 | N/A | ||
| Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories (i.e setting username & password in the catalogs configuration) are affected. This is fixed in version 4.9.0. | ||||
| CVE-2025-42897 | 1 Sap | 1 Business One | 2026-04-15 | 5.3 Medium |
| Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability. | ||||
| CVE-2024-6749 | 2026-04-15 | 6.3 Medium | ||
| Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-43812 | 1 Kieback\&peter | 10 Ddc4002 Firmware, Ddc4002e Firmware, Ddc4020e Firmware and 7 more | 2026-04-15 | 8.4 High |
| Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system. | ||||
| CVE-2024-36081 | 2026-04-15 | 9.8 Critical | ||
| Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network. | ||||
| CVE-2025-24508 | 2026-04-15 | 6.4 Medium | ||
| Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage | ||||
| CVE-2024-23551 | 2026-04-15 | 6.5 Medium | ||
| Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. | ||||
| CVE-2024-5176 | 2026-04-15 | N/A | ||
| Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior. | ||||
| CVE-2025-35941 | 1 Myscada | 1 Mypro | 2026-04-15 | 5.5 Medium |
| A password is exposed locally. | ||||
| CVE-2024-12511 | 2026-04-15 | 7.6 High | ||
| With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. | ||||
| CVE-2021-47759 | 1 Ttyplus | 1 Mtputty | 2026-04-15 | 6.2 Medium |
| MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials. | ||||
| CVE-2025-54428 | 1 Musombi123 | 1 Revelacode | 2026-04-15 | 9.8 Critical |
| RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally committed to the public repository. This could allow unauthorized access to production or staging databases, potentially leading to data exfiltration, modification, or deletion. This is fixed in version 1.0.1. Workarounds include: immediately rotating credentials for the exposed database user, using a secret manager (like Vault, Doppler, AWS Secrets Manager, etc.) instead of storing secrets directly in code, or auditing recent access logs for suspicious activity. | ||||
| CVE-2025-3079 | 2026-04-15 | 8.7 High | ||
| A passback vulnerability which relates to office/small office multifunction printers and laser printers. | ||||
| CVE-2021-47726 | 1 Nucom | 1 11n Wireless Router | 2026-04-15 | 7.5 High |
| NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to retrieve and decode the admin password in Base64 format. | ||||
| CVE-2025-22372 | 2026-04-15 | N/A | ||
| Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery. Passwords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily. This issue affects BASEC: from 14 Dec 2021. | ||||