CVE-2019-16572

Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-16542

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

EUVD-2025-24558

Malicious code in bioql PyPI...

EUVD-2022-4836

Malicious code in bioql PyPI...

EUVD-2022-3653

Malicious code in bioql PyPI...

PT-2025-34192 · Undefined · Undefined

New vulnerabilities in Workhorse Software threaten sensitive data in cities and towns across Wisconsin. Key Points: - Two serious vulnerabilities discovered in Workhorse Software's accounting application. - Vulnerabilities expose sensitive personally identifiable information PII stored in the...

CVE-2025-54156

The Sante PACS Server Web Portal sends credential information without encryption...

PT-2025-33701 · Unknown · Sante Pacs Server Web Portal Dcm

Name of the Vulnerable Software and Affected Versions: Sante PACS Server Web Portal affected versions not specified Description: The Sante PACS Server Web Portal transmits credential information without encryption. Recommendations: At the moment, there is no information about a newer version that...

CVE-2025-54464

This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials...

CVE-2025-54464

The CVE-2025-54464 entry concerns ZKTeco WL20. The vulnerability is described as cleartext storage of admin and user credentials within the device firmware. An attacker with physical access could extract the firmware, reverse‑engineer the binary data, and obtain unencrypted credentials, impacting...

CVE-2019-16543

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-1003097

Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-10420

Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-1003095

Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

The vulnerability in the config.inc.php script of the Nagios XI monitoring tool allows a hacker to gain unauthorized access to protected information.

The vulnerability of the config.inc.php script used in Nagios XI monitoring involves unencrypted storage of user credentials. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability of the SysPasswordDxe component in the InsydeH2O UEFI firmware creation framework allows a hacker to access confidential information.

The vulnerability of the SysPasswordDxe component in the InsydeH2O UEFI firmware creation framework is related to the unencrypted storage of credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information...

SUSE CVE-2017-1000387

Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.buildpublisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to acce...

PT-2020-15336 · Jenkins · Jenkins Bmc Release Package/Deployment Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins BMC Release Package and Deployment Plugin versions 1.1 and earlier Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to t...

The vulnerability of the mysql-gui-tools package (including mysql-query-browser and mysql-admin) arises from the storage of user credentials in an unencrypted form, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the mysql-gui-tools package including mysql-query-browser and mysql-admin is related to the storage of user credentials in an unencrypted form. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through the list of runni...

CVE-2019-16572

Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...