Export limit exceeded: 350927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1374 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49233 | 1 Visual Planning | 1 Admin Center | 2026-04-15 | 8.8 High |
| Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level. | ||||
| CVE-2024-12511 | 2026-04-15 | 7.6 High | ||
| With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. | ||||
| CVE-2025-54808 | 1 Nanoporetech | 1 Minknow | 2026-04-15 | 7.8 High |
| Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the token is leaked (e.g., via malware infection or other local exploit), and remote access is enabled, it can be used to establish unauthorized remote connections to the sequencer. Remote access must be enabled for remote exploitation to succeed. This may occur either because the user has enabled remote access for legitimate operational reasons or because malware with elevated privileges (e.g., sudo access) enables it without user consent. This vulnerability can be chained with remote access capabilities to generate a developer token from a remote device. Developer tokens can be created with arbitrary expiration dates, enabling persistent access to the sequencer and bypassing standard authentication mechanisms. | ||||
| CVE-2025-54876 | 1 Jansson Project | 1 Jansson | 2026-04-15 | N/A |
| The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease. | ||||
| CVE-2024-22266 | 2026-04-15 | 6.5 Medium | ||
| VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. | ||||
| CVE-2024-42012 | 2026-04-15 | 5.7 Medium | ||
| GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user. | ||||
| CVE-2025-55739 | 1 Freepbx | 1 Freepbx | 2026-04-15 | N/A |
| api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An attacker with access to the shared OAuth private key could forge JWT tokens, bypass authentication, and potentially gain full access to both REST and GraphQL APIs. Systems with the "api" module enabled, configured and previously activated by an administrator for remote inbound connections may be affected. This issue is fixed in versions 15.0.13, 16.0.15 and 17.0.3. | ||||
| CVE-2024-28325 | 1 Asus | 1 Rt-n12\+ B1 | 2026-04-15 | 6.1 Medium |
| Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | ||||
| CVE-2024-38285 | 1 Motorolasolutions | 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 | 2026-04-15 | N/A |
| Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. | ||||
| CVE-2025-13163 | 1 Digiwin | 1 Easyflow Gp | 2026-04-15 | 4.9 Medium |
| EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend. | ||||
| CVE-2024-30119 | 1 Hcl Software | 1 Dryice Optibot Reset Station | 2026-04-15 | 3.7 Low |
| HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection. | ||||
| CVE-2025-13164 | 1 Digiwin | 1 Easyflow Gp | 2026-04-15 | 4.9 Medium |
| EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend. | ||||
| CVE-2024-29216 | 2026-04-15 | 6.1 Medium | ||
| Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware. | ||||
| CVE-2025-0760 | 2026-04-15 | 2.7 Low | ||
| A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. | ||||
| CVE-2025-25650 | 2026-04-15 | 9.1 Critical | ||
| An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication. | ||||
| CVE-2025-0867 | 2026-04-15 | 9.9 Critical | ||
| The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level. | ||||
| CVE-2024-36127 | 2026-04-15 | 7.5 High | ||
| apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5. | ||||
| CVE-2025-23040 | 2026-04-15 | 6.6 Medium | ||
| GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke `git clone` and when Git encounters a remote which requires authentication it will request the credentials for that remote host from GitHub Desktop using the git-credential protocol. Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration. GitHub username and OAuth token, or credentials for other Git remote hosts stored in GitHub Desktop could be improperly transmitted to an unrelated host. Users should update to GitHub Desktop 3.4.12 or greater which fixes this vulnerability. Users who suspect they may be affected should revoke any relevant credentials. | ||||
| CVE-2025-2908 | 2026-04-15 | N/A | ||
| The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files. | ||||
| CVE-2025-1886 | 1 Sage | 1 Sage 200 Spain | 2026-04-15 | N/A |
| Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. | ||||