Search Results (818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14377 1 Rockwellautomation 1 Verve Asset Manager 2026-04-15 N/A
A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.
CVE-2024-8070 2026-04-15 8.5 High
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary
CVE-2024-54127 2026-04-15 N/A
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
CVE-2024-33471 2026-04-15 7.2 High
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-7426 1 Minova 1 Tta 2026-04-15 N/A
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.  Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
CVE-2024-53979 1 Ibm 1 Zhmc 2026-04-15 8.3 High
ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibm_zhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the "log_file" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-49113 1 Kiuwan 1 Local Analyzer 2026-04-15 7.8 High
The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file "lib.engine/insight/optimyth-insight.jar" contains the file "InsightServicesConfig.properties", which has the configuration tokens "insight.github.user" as well as "insight.github.password" prefilled with credentials. At least the specified username corresponds to a valid GitHub account. The JAR file "lib.engine/insight/optimyth-insight.jar" also contains the file "es/als/security/Encryptor.properties", in which the key used for encrypting the results of any performed scan. This issue affects Kiuwan SAST: <master.1808.p685.q13371
CVE-2025-41647 2026-04-15 5.5 Medium
A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.
CVE-2025-7738 1 Redhat 2 Ansible Automation Platform, Ansible Automation Platform Developer 2026-04-15 4.4 Medium
A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse.
CVE-2024-28065 2026-04-15 5.9 Medium
In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.
CVE-2025-2181 1 Paloaltonetworks 1 Checkov 2026-04-15 N/A
A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output.
CVE-2025-41458 2026-04-15 5.5 Medium
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.
CVE-2025-40752 1 Siemens 2 Q100, Q200 2026-04-15 6.2 Medium
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.
CVE-2025-0418 1 Valmet 1 Dna 2026-04-15 N/A
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
CVE-2025-23291 1 Nvidia 1 License System 2026-04-15 2.4 Low
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2025-3442 2026-04-15 N/A
This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
CVE-2024-52284 1 Suse 1 Rancher 2026-04-15 7.7 High
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
CVE-2024-53651 2026-04-15 4.6 Medium
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). Affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device.
CVE-2024-23942 2026-04-15 7.1 High
A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.
CVE-2024-45718 2026-04-15 4.6 Medium
Sensitive data could be exposed to non- privileged users in a configuration file. Local access to the computer with a low- privileged account is required to access the configuration file containing the sensitive data.