144 matches found
ZKTeco WL20 安全漏洞
ZKTeco WL20 is a smart fingerprint time and attendance machine from China's Entropy Base Technology ZKTeco. A security vulnerability exists in the ZKTeco WL20 that originates from the storage of plaintext Wi-Fi credentials and configuration data in the device's firmware, which could allow a...
CVE-2025-45702
SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext...
CVE-2025-52164
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext...
CVE-2025-52164
CVE-2025-52164 affects Agorum core open, versions 11.9.2 and 11.10.1 . The vulnerability is due to credentials being stored in plaintext, impacting confidentiality (HIGH) while other properties remain unchanged; CVSS 3.1 base score 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Connected sources conf...
CVE-2025-1709 CVE-2025-1709
Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...
CVE-2019-10286
Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10351
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10280
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
CVE-2019-10378
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
MAL-2025-191849 Malicious code in qtpv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2e0cfa610f53699fb3d04d6296bf28540a6162be41a7268566e999b070b517a6 Importing the module starts exfiltration of ".session" files, which appear to be used at least by one Telegram library...
Credentials Exposure
github.com/openshift/hive is vulnerable to credential exposure. The vulnerability is due to improper handling of sensitive credentials, allowing them to be stored in the ClusterProvision object instead of being securely managed within Kubernetes Secrets...
CVE-2025-2355 BlackVue App API Endpoint credentials storage
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...
CVE-2025-2355 BlackVue App API Endpoint credentials storage
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...
CVE-2025-2355
The CVE-2025-2355 entry concerns BlackVue App 3.65 on Android. The vulnerability affects an unknown portion of the API Endpoint Handler where manipulating BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required, and public disclosure of the exploit is indicated....
CVE-2024-36790
Netgear WNR614 JNR1010V2/N300-V1.1.0.541.0.1 was discovered to store credentials in plaintext...
CVE-2025-24870
SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive...
CVE-2025-0497 Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages...
CVE-2025-0497
Rockwell Automation FactoryTalk AssetCentre before V15.00.001 is affected by a data exposure vulnerability in the configuration files of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, and ArchiveLogCleanUp packages. The issue arises from storing credentials insecurely in these configu...
The vulnerability of the MXview One and MXview One Central Manager industrial network management platforms lies in the storage of credentials in an open manner, allowing a malicious actor to gain unauthorized access to protected information.
The vulnerability of the MXview One and MXview One Central Manager industrial network management platforms lies in the storage of credentials in an open manner. Exploiting this vulnerability could allow a perpetrator to gain unauthorized access to protected information...