Export limit exceeded: 359262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4580 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32328 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | 7.5 High |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | ||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-11-03 | 5.1 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
| CVE-2023-22332 | 1 Pgpool | 1 Pgpool-ii | 2025-11-03 | 6.5 Medium |
| Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. | ||||
| CVE-2025-27685 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 7.5 High |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001. | ||||
| CVE-2014-5403 | 1 Hospira | 1 Mednet | 2025-11-03 | N/A |
| Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2025-9239 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2025-10-31 | 3.7 Low |
| A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. | ||||
| CVE-2025-62643 | 2 Rbi, Restaurant Brands International | 2 Restaurant Brands International Assistant, Assistant Platform | 2025-10-31 | 3.4 Low |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages. | ||||
| CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling Connect\, Sterling Connect Direct Web Services and 2 more | 2025-10-31 | 5.9 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-31977 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | 5.3 Medium |
| HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions. | ||||
| CVE-2025-31972 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | 6.5 Medium |
| HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components. | ||||
| CVE-2025-26495 | 1 Tableau | 1 Tableau Server | 2025-10-29 | 7.5 High |
| Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19. | ||||
| CVE-2025-11640 | 2 Furbo, Tomofun | 6 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 3 more | 2025-10-29 | 3.1 Low |
| A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cleartext transmission of sensitive information. Access to the local network is required for this attack. Attacks of this nature are highly complex. The exploitability is reported as difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-21060 | 1 Samsung | 1 Smart Switch | 2025-10-28 | 5.5 Medium |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21061 | 1 Samsung | 1 Smart Switch | 2025-10-28 | 7.1 High |
| Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-47820 | 1 Flocksafety | 1 Gunshot Detection Firmware | 2025-10-24 | 2 Low |
| Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. | ||||
| CVE-2025-59406 | 3 Flock Safety, Flocksafety, Google | 7 Bravo Edge Ai Compute Device, Bravo Edge Ai Compute Device, Falcon and 4 more | 2025-10-24 | 6.2 Medium |
| The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software. | ||||
| CVE-2025-59409 | 1 Flocksafety | 3 Falcon, License Plate Reader Firmware, Sparrow License Plate Reader | 2025-10-24 | 7.5 High |
| Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware. | ||||
| CVE-2025-47824 | 1 Flocksafety | 1 License Plate Reader Firmware | 2025-10-23 | 2 Low |
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code. | ||||
| CVE-2024-41980 | 1 Siemens | 4 Opcenter Quality, Smartclient Modules, Soa Audit and 1 more | 2025-10-23 | 3.1 Low |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2024-41982 | 1 Siemens | 4 Opcenter Quality, Smartclient Modules, Soa Audit and 1 more | 2025-10-23 | 4.8 Medium |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information. | ||||