Total
577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47820 | 2025-06-27 | N/A | N/A | ||
| Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. | |||||
| CVE-2025-47824 | 2025-06-27 | N/A | N/A | ||
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code. | |||||
| CVE-2025-6748 | 2025-06-27 | N/A | 2.1 LOW | ||
| A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-41647 | 2025-06-25 | N/A | 5.5 MEDIUM | ||
| A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. | |||||
| CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2025-06-18 | N/A | 7.5 HIGH |
| TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | |||||
| CVE-2025-1499 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | |||||
| CVE-2024-24488 | 1 Tendacn | 2 Cp3, Cp3 Firmware | 2025-06-05 | N/A | 5.5 MEDIUM |
| An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. | |||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-06-03 | N/A | 5.5 MEDIUM |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | |||||
| CVE-2025-5154 | 1 Phonepe | 1 Phonepe | 2025-06-03 | N/A | 4.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | N/A | 5.5 MEDIUM |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | |||||
| CVE-2025-3395 | 1 Abb | 1 Automation Builder | 2025-05-28 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | |||||
| CVE-2022-41248 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | N/A | 5.3 MEDIUM |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | |||||
| CVE-2021-38150 | 1 Sap | 1 Business Client | 2025-05-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. | |||||
| CVE-2015-8314 | 1 Heartcombo | 1 Devise | 2025-05-27 | N/A | 7.5 HIGH |
| The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | |||||
| CVE-2025-4053 | 2025-05-26 | N/A | N/A | ||
| The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks. | |||||
| CVE-2023-50777 | 1 Jenkins | 1 Paaslane Estimate | 2025-05-22 | N/A | 4.3 MEDIUM |
| Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2018-18984 | 1 Medtronic | 6 29901 Encore Programmer, 29901 Encore Programmer Firmware, Carelink 2090 Programmer and 3 more | 2025-05-22 | 2.1 LOW | 4.6 MEDIUM |
| Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . | |||||
| CVE-2021-33323 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user. | |||||
| CVE-2021-33325 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password. | |||||
| CVE-2022-3540 | 1 Hunter2 Project | 1 Hunter2 | 2025-05-13 | N/A | 6.5 MEDIUM |
| An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses | |||||