Total
1350 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27109 | 2026-04-15 | 7.6 High | ||
| Insufficiently protected credentials in GE HealthCare EchoPAC products | ||||
| CVE-2023-48010 | 2026-04-15 | 9.8 Critical | ||
| STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | ||||
| CVE-2024-28981 | 2026-04-15 | 8.5 High | ||
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | ||||
| CVE-2024-29071 | 1 Kddi | 1 Hgw Bli500hm Firmware | 2026-04-15 | 8.8 High |
| HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings. | ||||
| CVE-2024-8986 | 2026-04-15 | 5.5 Medium | ||
| The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. | ||||
| CVE-2025-13164 | 1 Digiwin | 1 Easyflow Gp | 2026-04-15 | 4.9 Medium |
| EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend. | ||||
| CVE-2021-47759 | 1 Ttyplus | 1 Mtputty | 2026-04-15 | 6.2 Medium |
| MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials. | ||||
| CVE-2024-12799 | 2026-04-15 | N/A | ||
| Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0. | ||||
| CVE-2025-5922 | 1 Tsplus | 1 Tsplus Remote Access | 2026-04-15 | N/A |
| Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted. LTS (Long-Term Support) versions also received patches in v17.2025.6.27 and v16.2025.6.27 releases. | ||||
| CVE-2023-49233 | 1 Visual Planning | 1 Admin Center | 2026-04-15 | 8.8 High |
| Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level. | ||||
| CVE-2019-17082 | 1 Opentext | 1 Accurev For Ldap Integration | 2026-04-15 | N/A |
| Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1. | ||||
| CVE-2024-23551 | 2026-04-15 | 6.5 Medium | ||
| Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. | ||||
| CVE-2025-54876 | 1 Jansson Project | 1 Jansson | 2026-04-15 | N/A |
| The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease. | ||||
| CVE-2025-37728 | 1 Elastic | 1 Kibana | 2026-04-15 | 5.4 Medium |
| Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access. | ||||
| CVE-2024-30119 | 1 Hcl Software | 1 Dryice Optibot Reset Station | 2026-04-15 | 3.7 Low |
| HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection. | ||||
| CVE-2024-33849 | 2026-04-15 | 6.5 Medium | ||
| ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. | ||||
| CVE-2024-11856 | 2026-04-15 | 3.7 Low | ||
| A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. | ||||
| CVE-2024-29216 | 2026-04-15 | 6.1 Medium | ||
| Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware. | ||||
| CVE-2024-49396 | 1 Elvaco | 1 Cme3100 Firmware | 2026-04-15 | N/A |
| The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. | ||||
| CVE-2024-5176 | 2026-04-15 | N/A | ||
| Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior. | ||||