Total: 1165 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-50945 | 3 Ibm, Linux, Microsoft | 4 Aix, Common Licensing, Linux Kernel and 1 more | 2025-03-11 | 6.2 Medium |
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. | ||||
CVE-2024-47109 | 1 Ibm | 1 Sterling File Gateway | 2025-03-11 | 5.3 Medium |
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server which could aid in further attacks against the system. | ||||
CVE-2022-23538 | 1 Sylabs | 1 Singularity Container Services Library | 2025-03-10 | 5.2 Medium |
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server, to perform a multi-part concurrent download. Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user. The vulnerable multi-part concurrent download flow, with redirect to S3, is only used when communicating with a Singularity Enterprise 1.x installation, or third party server implementing this flow. Interaction with Singularity Enterprise 2.x, and Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow. We encourage all users to update. Users who interact with a Singularity Enterprise 1.x installation, using a 3rd party S3 storage service, are advised to revoke and recreate their authentication tokens within Singularity Enterprise. There is no workaround available at this time. | ||||
CVE-2024-41770 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Next | 2025-03-07 | 7.5 High |
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | ||||
CVE-2024-41771 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Next | 2025-03-07 | 7.5 High |
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | ||||
CVE-2025-1886 | | | 2025-03-07 | N/A |
Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. | ||||
CVE-2024-44754 | | | 2025-03-06 | 6.8 Medium |
Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB. | ||||
CVE-2023-38548 | 1 Veeam | 1 One | 2025-03-06 | 4.3 Medium |
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. | ||||
CVE-2023-37362 | 1 Weintek | 1 Weincloud | 2025-03-06 | 7.2 High |
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website. | ||||
CVE-2025-27650 | | | 2025-03-05 | 9.8 Critical |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. | ||||
CVE-2025-27648 | | | 2025-03-05 | 9.8 Critical |
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003. | ||||
CVE-2023-0457 | 1 Mitsubishielectric | 76 Fx5-enet, Fx5-enet/ip, Fx5-enet/ip Firmware and 73 more | 2025-03-05 | 7.5 High |
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server. | ||||
CVE-2024-12799 | | | 2025-03-05 | N/A |
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0. | ||||
CVE-2025-25570 | | | 2025-02-28 | 9.8 Critical |
Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials. | ||||
CVE-2024-38291 | | | 2025-02-28 | 8.8 High |
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. | ||||
CVE-2023-25686 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-02-26 | 6.2 Medium |
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. | ||||
CVE-2025-0760 | | | 2025-02-26 | 2.7 Low |
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. | ||||
CVE-2023-1574 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-25 | 6.5 Medium |
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | ||||
CVE-2022-26844 | 1 Intel | 1 Single Event Api | 2025-02-25 | 7.8 High |
Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-30296 | 1 Intel | 1 Datacenter Group Event | 2025-02-25 | 7.5 High |
Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access. |