PT-2026-36193

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.2.1 IBM watsonx.data intelligence versions 5.3.0 through 5.3.1 Description User credentials are stored in plain text, allowing a local user to read them. Recommendations At the moment, the...

PT-2026-28113

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

CVE-2025-33119

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVE-2025-33119 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVE-2025-64149

CVE-2025-64149 involves the Jenkins Publish to Bitbucket Plugin (versions 0.4 and earlier) with a CSRF vulnerability via an HTTP endpoint. An attacker with Overall/Read permission can initiate requests to an attacker-controlled URL using credentials IDs obtained through other means, potentially c...

CVE-2025-36002

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user...

CVE-2025-36002

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user...

EUVD-2025-34766

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user...

CVE-2025-35054 Newforma Info Exchange (NIX) insufficiently protected credentials

Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...

PT-2025-41470

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description Newforma Info Exchange NIX stores credentials used to configure NPCS in the registry location 'HKLMSoftwareWOW6432NodeNewformaversionCredentials'. These credentials are...

EUVD-2025-32182

Malicious code in bioql PyPI...

EUVD-2025-27116

Malicious code in bioql PyPI...

PT-2025-40402

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments affected versions not specified Description The software stores a significant number of sensitive credentials, including database passwords, MySQL ro...

PT-2025-36444

Name of the Vulnerable Software and Affected Versions: Bender GmbH & Co. KG charge controllers affected versions not specified Description: An authenticated, low-privileged attacker can obtain credentials stored on the charge controller, including the manufacturer password. Recommendations: At th...

CVE-2025-45702

SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext...

Insufficiently Protected Credentials

Overview org.jenkins-ci.plugins:ifttt-build-notifier is a Simple Jenkins Build Status Notifier for IFTTT Maker Channel Trigger. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the storage of sensitive keys in config.xml files. An attacker can gain...

PT-2024-33694 · Ibm · Ibm Security Guardium Key Lifecycle Manager

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 4.1 through 4.2.1 Description: The issue concerns the storage of user credentials in configuration files by IBM Security Guardium Key Lifecycle Manager. These credentials can be accessed by...

CVE-2024-5012

Progress WhatsUp Gold

CVE-2023-32202

Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device...

PT-2023-25168 · Digital.Ai +1 · Jenkins Digital.Ai App Management Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Digital.ai App Management Publisher Plugin versions 2.6 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials...