Export limit exceeded: 357829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1392 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2025-04-20 | N/A |
| An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | ||||
| CVE-2017-5140 | 1 Honeywell | 1 Xl Web Ii Controller | 2025-04-20 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | ||||
| CVE-2021-22640 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | 7.5 High |
| An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | ||||
| CVE-2024-40583 | 1 Pentaminds | 1 Curovms | 2025-04-17 | 9.1 Critical |
| Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. | ||||
| CVE-2020-25184 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2025-04-16 | 7.8 High |
| Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. | ||||
| CVE-2021-23196 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2025-04-16 | 7.3 High |
| The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently. | ||||
| CVE-2021-23207 | 1 Fresenius-kabi | 7 Agilia Connect, Agilia Partner Maintenance Software, Link\+ Agilia and 4 more | 2025-04-16 | 6.5 Medium |
| An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users. | ||||
| CVE-2021-33024 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-16 | 3.7 Low |
| Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | ||||
| CVE-2021-32978 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2025-04-16 | 7.5 High |
| The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. | ||||
| CVE-2022-27179 | 1 Redlion | 2 Da50n, Da50n Firmware | 2025-04-16 | 4.6 Medium |
| A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised. | ||||
| CVE-2022-2103 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2025-04-16 | 9.8 Critical |
| An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | ||||
| CVE-2022-1666 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2025-04-16 | 6.5 Medium |
| The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. | ||||
| CVE-2022-21184 | 1 Atvise | 1 Atvise | 2025-04-15 | 5.9 Medium |
| An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | ||||
| CVE-2022-22458 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2025-04-15 | 6.3 Medium |
| IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. | ||||
| CVE-2022-4612 | 1 Clickstudios | 1 Passwordstate | 2025-04-15 | 4.3 Medium |
| A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4312 | 1 Arcinformatique | 1 Pcvue | 2025-04-14 | 5.5 Medium |
| A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card. | ||||
| CVE-2013-6372 | 2 Jenkins-ci, Redhat | 2 Subversion-plugin, Openshift | 2025-04-12 | N/A |
| The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. | ||||
| CVE-2014-0040 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors. | ||||
| CVE-2015-3201 | 1 Redhat | 2 Rhel Software Collections, Thermostat | 2025-04-12 | N/A |
| Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. | ||||
| CVE-2015-5955 | 1 Owncloud | 1 Owncloud Client | 2025-04-12 | N/A |
| ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | ||||