Export limit exceeded: 43527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4524 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55027 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-04 | 7.5 High |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | ||||
| CVE-2025-47147 | 1 Gallagher | 1 Command Centre Mobile Client | 2026-03-04 | 5.7 Medium |
| Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123. | ||||
| CVE-2023-31069 | 1 Tsplus | 1 Tsplus Remote Work | 2026-03-03 | 9.8 Critical |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | ||||
| CVE-2023-31819 | 1 Keisei Store | 1 Livre | 2026-03-03 | 7.5 High |
| An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
| CVE-2025-58107 | 1 Microsoft | 4 Exchange, Exchange Server, Exchange Server 2016 and 1 more | 2026-03-03 | 7.5 High |
| In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password. | ||||
| CVE-2025-12679 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 6.5 Medium |
| A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
| CVE-2025-12680 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 4.9 Medium |
| Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password. | ||||
| CVE-2025-12774 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 7.5 High |
| A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords. | ||||
| CVE-2024-55928 | 1 Xerox | 1 Workplace Suite | 2026-02-28 | 6.5 Medium |
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption | ||||
| CVE-2025-26654 | 2026-02-26 | 6.8 Medium | ||
| SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect. | ||||
| CVE-2025-21422 | 1 Qualcomm | 443 Aqt1000, Aqt1000 Firmware, Ar8035 and 440 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses. | ||||
| CVE-2025-27903 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 5.9 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-21482 | 1 Qualcomm | 575 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 572 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while performing RSA PKCS padding decoding. | ||||
| CVE-2025-53139 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 21h2 and 14 more | 2026-02-26 | 7.7 High |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-11492 | 1 Connectwise | 1 Automate | 2026-02-26 | 9.6 Critical |
| In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications. | ||||
| CVE-2025-13454 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | 5.5 Medium |
| A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | ||||
| CVE-2025-13453 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | 4.6 Medium |
| A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive. | ||||
| CVE-2023-40238 | 2 Fujitsu, Insyde | 373 Celsius C780, Celsius C780 Firmware, Celsius H5511 and 370 more | 2026-02-25 | 5.5 Medium |
| A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. | ||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | 7.5 High |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | ||||
| CVE-2023-50703 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2026-02-25 | 6.3 Medium |
| An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | ||||