Total
161 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20939 | 1 Cisco | 2 Smart Software Manager On-prem, Smart Software Manager Satellite | 2025-07-31 | N/A | 4.3 MEDIUM |
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
CVE-2025-21003 | 1 Samsung | 1 Android | 2025-07-16 | N/A | 5.5 MEDIUM |
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. | |||||
CVE-2025-42979 | | | 2025-07-08 | N/A | 5.6 MEDIUM |
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user's Windows registry could recreate the original password. There is no impact on integrity or availability of the application. | |||||
CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2025-06-17 | N/A | 6.8 MEDIUM |
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the Android device, to potentially retrieve users' clear text authentication credentials. | |||||
CVE-2024-3678 | 1 Adenion | 1 Blog2social | 2025-06-05 | N/A | N/A |
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts. | |||||
CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2025-06-05 | N/A | 8.1 HIGH |
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | |||||
CVE-2022-44581 | 1 Wpmudev | 1 Defender | 2025-05-28 | N/A | 9.8 CRITICAL |
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows: Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2. | |||||
CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2025-05-27 | N/A | 6.5 MEDIUM |
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | |||||
CVE-2024-13954 | | | 2025-05-22 | N/A | N/A |
Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
CVE-2022-28170 | 1 Broadcom | 1 Fabric Operating System | 2025-05-09 | N/A | 6.5 MEDIUM |
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. | |||||
CVE-2022-40959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
CVE-2025-2440 | | | 2025-04-09 | N/A | N/A |
CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode. | |||||
CVE-2021-36546 | 1 Kitesky | 1 Kitecms | 2025-03-26 | N/A | 7.5 HIGH |
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | |||||
CVE-2025-20886 | 1 Samsung | 1 Android | 2025-03-25 | N/A | 4.4 MEDIUM |
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. | |||||
CVE-2025-24101 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 5.5 MEDIUM |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. | |||||
CVE-2025-2489 | | | 2025-03-18 | N/A | N/A |
Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json. | |||||
CVE-2024-47197 | 1 Apache | 1 Maven Archetype | 2025-03-17 | N/A | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml. This file contains all the content from the user's ~/.m2/settings.xml file, which often contains information they do not want to publish. We expect that on many developer machines, this also contains credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot) their credentials would be published without them knowing. | |||||
CVE-2025-2241 | | | 2025-03-17 | N/A | 8.2 HIGH |
A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation. | |||||
CVE-2025-2157 | | | 2025-03-15 | N/A | 3.3 LOW |
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively. | |||||
CVE-2024-48353 | 1 Yealink | 1 Yealink Meeting Server | 2025-03-07 | N/A | 7.5 HIGH |
Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. |