Total
772 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34428 | 1 Mailenable | 1 Mailenable | 2026-03-05 | 7.8 High |
| MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control. | ||||
| CVE-2025-34427 | 1 Mailenable | 1 Mailenable | 2026-03-05 | 7.8 High |
| MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control. | ||||
| CVE-2024-55027 | 1 Weintek | 4 Cmt-3072xh2, Cmt-3072xh2 Firmware, Cmt3072xh and 1 more | 2026-03-04 | 7.5 High |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | ||||
| CVE-2025-47147 | 1 Gallagher | 1 Command Centre Mobile Client | 2026-03-04 | 5.7 Medium |
| Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123. | ||||
| CVE-2023-31069 | 1 Tsplus | 1 Tsplus Remote Work | 2026-03-03 | 9.8 Critical |
| An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | ||||
| CVE-2025-12679 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 6.5 Medium |
| A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
| CVE-2025-12680 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 4.9 Medium |
| Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password. | ||||
| CVE-2025-12774 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 7.5 High |
| A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords. | ||||
| CVE-2026-3277 | 1 Devolutions | 1 Powershell Universal | 2026-03-02 | N/A |
| The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials | ||||
| CVE-2024-55928 | 1 Xerox | 1 Workplace Suite | 2026-02-28 | 6.5 Medium |
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption | ||||
| CVE-2026-3221 | 1 Devolutions | 2 Devolutions Server, Server | 2026-02-28 | 4.9 Medium |
| Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access. | ||||
| CVE-2026-23655 | 1 Microsoft | 3 Confidental Containers, Confidential Sidecar Containers, Microsoft Aci Confidential Containers | 2026-02-27 | 6.5 Medium |
| Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-27520 | 1 Binardat | 3 10g08-0800gsm, 10g08-0800gsm Firmware, 10g08-0800gsm Network Switch | 2026-02-26 | 7.5 High |
| Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password. | ||||
| CVE-2026-24319 | 2 Sap, Sap Se | 2 Business One, Sap Business One (b1 Client Memory Dump Files) | 2026-02-26 | 5.8 Medium |
| In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability. | ||||
| CVE-2024-4540 | 1 Redhat | 3 Build Keycloak, Red Hat Single Sign On, Rhosemc | 2026-02-25 | 7.5 High |
| A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. | ||||
| CVE-2023-40238 | 2 Fujitsu, Insyde | 373 Celsius C780, Celsius C780 Firmware, Celsius H5511 and 370 more | 2026-02-25 | 5.5 Medium |
| A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. | ||||
| CVE-2025-14836 | 1 Zzcms | 1 Zzcms | 2026-02-24 | 2.7 Low |
| A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-55334 | 1 Microsoft | 10 Windows, Windows 11, Windows 11 22h2 and 7 more | 2026-02-22 | 6.2 Medium |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-49728 | 1 Microsoft | 1 Pc Manager | 2026-02-20 | 4 Medium |
| Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-22276 | 1 Dell | 3 Ecs Streamer, Elastic Cloud Storage, Objectscale | 2026-02-18 | 5.5 Medium |
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||