Lucene search
K

336 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.8 views

CVE-2023-49341

An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-IIGV1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component...

7.5CVSS6.5AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.9 views

CVE-2023-50945

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user...

6.2CVSS6.4AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.24 views

CVE-2022-26948

The Archer RSS feed integration for Archer 6.x through 6.9 SP1 6.9.1.0 is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks...

7.5CVSS6.6AI score0.00563EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/01 6:44 a.m.2 views

Insufficiently Protected Credentials

Overview rdsai-cli is an AI-powered CLI tool for Relation database management and analysis Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insecure local storage of sensitive credentials. An attacker can exploit this by accessing the configuration...

6.8CVSS6.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/12/28 8:32 a.m.4 views

CVE-2025-15128

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...

6.9CVSS5.1AI score0.00272EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/12/28 8:32 a.m.31 views

CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...

6.9CVSS0.00272EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/28 12:0 a.m.7 views

ZKTeco BioTime 安全漏洞

ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime versions 9.0.3, 9.0.4, and 9.5.2, which stems from a vulnerability in the parameter...

6.9CVSS5.5AI score0.00272EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.12 views

PT-2025-53643

Name of the Vulnerable Software and Affected Versions ZKTeco BioTime versions 9.0.3 through 9.0.4 ZKTeco BioTime version 9.5.2 Description A security issue exists in ZKTeco BioTime related to the storage of credentials. Manipulation of the backup encryption password decrypt/export encryption...

6.9CVSS6.3AI score0.00272EPSS
Exploits0References15
Packet Storm
Packet Storm
added 2025/12/26 12:0 a.m.208 views

📄 Netbus Backdoor 1.7 Remote Code Execution

Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/22 12:0 a.m.152 views

📄 Backdoor.Win32.ControlTotal.t MVID-2025-0702 Insecure Credential Storage

Backdoor.Win32.ControlTotal.t malware listens on TCP port 2032 and requires authentication. The password "jdf4df4vdf" is stored in cleartext within the PE file. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2025 Original source:...

7AI score
Exploits0
EUVD
EUVD
added 2025/12/11 7:40 p.m.5 views

EUVD-2024-55325

HCL Workload Scheduler stores user credentials in plain text which can be read by a local user...

5.5CVSS6.1AI score0.00096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/11 7:40 p.m.3 views

CVE-2024-42197 HCL Workload Scheduler is vulnerable to plain text storage of a password

HCL Workload Scheduler stores user credentials in plain text which can be read by a local user...

5.5CVSS6.2AI score0.00096EPSS
Exploits0References1
CVE
CVE
added 2025/12/11 7:40 p.m.20 views

CVE-2024-42197

The CVE-2024-42197 entry concerns HCL Workload Scheduler storing user credentials in plain text, allowing a local non-privileged user to read them. The available documents consistently describe the issue as cleartext credential storage without details on affected versions or root cause beyond the...

5.5CVSS6.2AI score0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/10 6:23 p.m.47 views

CVE-2025-34428 MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local...

8.4CVSS0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-50291

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier Description The software contains an issue with insufficiently protected credentials, potentially allowing limited unauthorized write access. An attacker could exploit improperly stored ...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/12/07 4:35 a.m.7 views

CVE-2025-3784

Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential...

5.5CVSS6.5AI score0.00092EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/07 3:30 a.m.8 views

EUVD-2025-201592

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

5.3CVSS4.6AI score0.00231EPSS
Exploits0References7
NVD
NVD
added 2025/12/07 3:15 a.m.7 views

CVE-2025-14183

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

5.3CVSS0.00231EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/07 12:0 a.m.7 views

SGAI Space1 安全漏洞

SGAI Space1 is an all-in-one NAS and router appliance from China's Speed Gap SGAI. A security vulnerability exists in SGAI Space1 version 1.0.915 and earlier, which stems from an improper credential storage in component gsaiagent in NAS N1211DS, which could lead to credential disclosure...

5.3CVSS4.8AI score0.00231EPSS
Exploits0References7
CVE
CVE
added 2025/12/03 12:0 a.m.19 views

CVE-2025-65841

Summary of CVE-2025-65841 : Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in a local file at ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is “encrypted” via predictable byte-substitution that is trivially revers...

6.2CVSS6.3AI score0.00182EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder