Export limit exceeded: 357688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40680 | 2026-04-15 | N/A | ||
| Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values. | ||||
| CVE-2025-0432 | 2026-04-15 | 5.7 Medium | ||
| EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage. | ||||
| CVE-2025-53758 | 2026-04-15 | N/A | ||
| This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the hardcoded default credentials stored in the firmware of the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted device. | ||||
| CVE-2025-14377 | 1 Rockwellautomation | 1 Verve Asset Manager | 2026-04-15 | N/A |
| A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024. | ||||
| CVE-2024-0066 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2026-04-15 | 5.3 Medium |
| Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-40594 | 2026-04-15 | 2.3 Low | ||
| The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps. | ||||
| CVE-2025-2189 | 2026-04-15 | N/A | ||
| This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device. | ||||
| CVE-2025-27720 | 2026-04-15 | 7.4 High | ||
| The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials. | ||||
| CVE-2025-29314 | 2026-04-15 | 8.1 High | ||
| Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack. | ||||
| CVE-2020-36917 | 2026-04-15 | 7.5 High | ||
| iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications. | ||||
| CVE-2025-64305 | 2026-04-15 | 6.5 Medium | ||
| MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. | ||||
| CVE-2025-2181 | 1 Paloaltonetworks | 1 Checkov | 2026-04-15 | N/A |
| A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. | ||||
| CVE-2024-5731 | 2026-04-15 | 6.8 Medium | ||
| A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | ||||
| CVE-2024-55196 | 2026-04-15 | 7.5 High | ||
| Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers. | ||||
| CVE-2024-4840 | 1 Redhat | 1 Openstack | 2026-04-15 | 5.5 Medium |
| An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs. | ||||
| CVE-2024-46383 | 2026-04-15 | 2.4 Low | ||
| Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext. | ||||
| CVE-2025-61481 | 1 Mikrotik | 2 Routeros, Switchos | 2026-04-15 | 10 Critical |
| An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials. | ||||
| CVE-2025-23027 | 2026-04-15 | N/A | ||
| next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems. | ||||
| CVE-2025-9513 | 1 Editso | 1 Fuso | 2026-04-15 | 3.7 Low |
| A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. | ||||
| CVE-2025-7214 | 1 Fnkvision | 1 Fnk-gu2 | 2026-04-15 | 1.6 Low |
| A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||