Search Results (818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-46294 1 Teledyne 1 Flir M300 2026-04-15 3.4 Low
An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute.
CVE-2025-59450 1 Yosmart 1 Yolink Smart Hub 2026-04-15 4.3 Medium
The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.
CVE-2024-23584 1 Hcltech 1 Bigfix Enterprise Suite Asset Discovery 2026-04-15 6.6 Medium
The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry.
CVE-2025-2181 1 Paloaltonetworks 1 Checkov 2026-04-15 N/A
A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output.
CVE-2025-23027 2026-04-15 N/A
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.
CVE-2025-55280 2026-04-15 N/A
This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device.
CVE-2025-3442 2026-04-15 N/A
This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
CVE-2025-4394 2026-04-15 6.8 Medium
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CVE-2024-54127 2026-04-15 N/A
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
CVE-2025-59105 1 Dormakaba 1 Access Manager 2026-04-15 N/A
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and read, in order to gain SSH root access on the Linux-based K7 model. On the Windows CE based K5 model, the password for the Access Manager can additionally be read in plain text from the stored SQLite database.
CVE-2025-0418 1 Valmet 1 Dna 2026-04-15 N/A
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
CVE-2025-27532 2026-04-15 6.5 Medium
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.
CVE-2025-14377 1 Rockwellautomation 1 Verve Asset Manager 2026-04-15 N/A
A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.
CVE-2024-55582 2026-04-15 5.7 Medium
Oxide before 6 has unencrypted Control Plane datastores.
CVE-2024-23942 2026-04-15 7.1 High
A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.
CVE-2024-36497 1 Faronics 1 Winselect 2026-04-15 9.1 Critical
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.
CVE-2025-2922 2026-04-15 2 Low
A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2909 2026-04-15 N/A
The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.
CVE-2024-46505 2026-04-15 9.1 Critical
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
CVE-2024-4540 1 Redhat 3 Build Keycloak, Red Hat Single Sign On, Rhosemc 2026-04-15 7.5 High
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.