Total
576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33471 | 2024-11-13 | N/A | 7.2 HIGH | ||
| An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-47529 | 1 Openc3 | 1 Cosmos | 2024-11-13 | N/A | 6.5 MEDIUM |
| OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition. | |||||
| CVE-2024-43429 | 2024-11-12 | N/A | 5.3 MEDIUM | ||
| A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information. | |||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2024-11-12 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | |||||
| CVE-2021-34544 | 1 Bkw | 2 Solar-log 500, Solar-log 500 Firmware | 2024-11-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base. | |||||
| CVE-2024-51993 | 2024-11-08 | N/A | 3.4 LOW | ||
| Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application. ### Patches Sanitize parameter ### References N°7631 - Password is stored in clear in the database. | |||||
| CVE-2020-11918 | 2024-11-08 | N/A | 5.4 MEDIUM | ||
| An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file. | |||||
| CVE-2024-10523 | 1 Tp-link | 2 Tapo H100, Tapo H100 Firmware | 2024-11-08 | N/A | 4.6 MEDIUM |
| This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. | |||||
| CVE-2021-31989 | 1 Axis | 1 Device Manager | 2024-11-08 | 3.5 LOW | 5.3 MEDIUM |
| A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||||
| CVE-2024-34891 | 2024-11-05 | N/A | 6.8 MEDIUM | ||
| Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request. | |||||
| CVE-2024-40594 | 2024-11-04 | N/A | 2.3 LOW | ||
| The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps. | |||||
| CVE-2023-46294 | 2024-11-04 | N/A | 3.4 LOW | ||
| An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute. | |||||
| CVE-2024-28327 | 2024-11-04 | N/A | 8.4 HIGH | ||
| Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. | |||||
| CVE-2024-40457 | 2024-10-31 | N/A | 9.1 CRITICAL | ||
| No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior. | |||||
| CVE-2024-33470 | 2024-10-31 | N/A | 4.9 MEDIUM | ||
| An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-7783 | 1 Mintplexlabs | 1 Anythingllm | 2024-10-31 | N/A | 7.5 HIGH |
| mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3. | |||||
| CVE-2024-28024 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-10-29 | N/A | 4.1 MEDIUM |
| A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | |||||
| CVE-2024-9991 | 2024-10-28 | N/A | N/A | ||
| This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected. | |||||
| CVE-2024-9466 | 1 Paloaltonetworks | 1 Expedition | 2024-10-17 | N/A | 6.5 MEDIUM |
| A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | |||||
| CVE-2023-22584 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2024-10-16 | N/A | 7.5 HIGH |
| The Danfoss AK-EM100 stores login credentials in cleartext. | |||||