
191 matches found

Cvelist
added 2025/09/03 12:47 a.m. · 8 views

CVE-2025-57806 Local Deep Research's API keys are stored in plain text

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...

CVSS 6.9 · EPSS 0.00011
Exploits 0 · References 3
Github Security Blog
added 2025/09/02 4:38 p.m. · 10 views

Local Deep Research's API keys are stored in plain text

Affected Versions: 0.2.0 and = 1.0.0 Description: The library stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the...

CVSS 6.9 · AI score 6.4 · EPSS 0.00011
Exploits 0 · References 4 · Affected Software 1
RedhatCVE
added 2025/07/23 8:5 a.m. · 14 views

CVE-2025-4049

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database. This issue affects FARA: through 5.0.80.34...

CVSS 8.6 · AI score 6.5 · EPSS 0.001
Exploits 0 · References 1
CNNVD
added 2025/07/21 12:0 a.m. · 4 views

SIGNUM-NET FARA trust management issue vulnerability

SIGNUM-NET FARA is a facility management software from SIGNUM-NET Poland. A trust management issue vulnerability exists in SIGNUM-NET FARA version 5.0.80.34 and prior versions, which stems from the use of hard-coded SQLite credentials that could lead to reading and manipulating local databases...

CVSS 8.6 · AI score 6.4 · EPSS 0.001
Exploits 0 · References 2
OSV
added 2025/07/03 12:15 p.m. · 2 views

CVE-2025-1709

Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...

CVSS 6.5 · AI score 5.8 · EPSS 0.00234
Exploits 0 · References 6
Positive Technologies
added 2025/07/03 12:0 a.m. · 2 views

PT-2025-27772

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue involves several credentials for the local PostgreSQL database being stored in plain text, with some partially base64 encoded. Recommendations: At the moment, there is no...

CVSS 6.8 · AI score 5.4 · EPSS 0.00234
Exploits 0 · References 12
RedhatCVE
added 2025/05/23 5:45 a.m. · 3 views

CVE-2023-48645

An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance modu...

CVSS 7.8 · AI score 7.8 · EPSS 0.00031
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:49 p.m. · 7 views

CVE-2021-33733

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVSS 7.2 · AI score 7.1 · EPSS 0.00755
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 6:38 p.m. · 10 views

CVE-2021-33732

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVSS 7.2 · AI score 7.1 · EPSS 0.00755
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:54 p.m. · 7 views

CVE-2020-25621

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords...

CVSS 8.4 · AI score 6.8 · EPSS 0.00212
Exploits 0
Positive Technologies
added 2025/05/22 12:0 a.m. · 3 views

PT-2025-22525 · Unknown · Wire-Webapp

Name of the Vulnerable Software and Affected Versions: wire-webapp versions prior to 2025-05-14-production.0 Description: A regression issue in the function to delete local data causes the client's local database not to be deleted upon user logout, even when instructed to do so. This affects both...

CVSS 6 · AI score 6 · EPSS 0.00036
Exploits 0 · References 6
OSV
added 2025/05/21 5:15 p.m. · 3 views

CVE-2024-56428

The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials from the CONFIGS table for their servers configured in the client...

CVSS 5.5 · AI score 5.8 · EPSS 0.00043
Exploits 1 · References 2
NVD
added 2025/04/21 10:15 a.m. · 19 views

CVE-2025-3838

An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...

CVSS 6.1 · EPSS 0.00051
Exploits 0 · References 1
Cvelist
added 2025/04/21 9:33 a.m. · 24 views

CVE-2025-3838 Improper Authorization in the installer for the EOL OVA based connect component

An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...

CVSS 6.1 · EPSS 0.00051
Exploits 0 · References 1
Positive Technologies
added 2025/04/21 12:0 a.m. · 3 views

PT-2025-17431 · Unknown · Eol Ova Based Connect

Name of the Vulnerable Software and Affected Versions: EOL OVA based connect component affected versions not specified Description: An Improper Authorization issue was identified in the EOL OVA based connect component, which could allow unauthorized access to the local database containing weakly...

CVSS 6.1 · AI score 5.9 · EPSS 0.00051
Exploits 0 · References 7
CNNVD
added 2025/04/21 12:0 a.m. · 2 views

Saviynt EOL OVA (Saviynt End of Life OVA) security vulnerability

Saviynt EOL OVA (Saviynt End of Life OVA) is a lifecycle component from Saviynt. A security vulnerability exists in Saviynt EOL OVA (Saviynt End of Life OVA) that stems from improper authorization and could result in unauthorized access to a local database...

CVSS 6.1 · AI score 6.1 · EPSS 0.00051
Exploits 0 · References 1
BDU FSTEC
added 2025/01/22 12:0 a.m. · 2 views

The vulnerability of Microsoft On-Premises Data Gateway local servers, related to incorrect authentication, allows attackers to disclose protected information.

The vulnerability of the Microsoft On-Premises Data Gateway local database is related to incorrect authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information...

CVSS 6.6 · AI score 7.7 · EPSS 0.00169
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/06/25 2:13 a.m. · 13 views

CVE-2024-6295 udn News App - Insecure Data Storage

udn News Android APP stores the unencrypted user session in the local database when a user logs into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn...

CVSS 3.9 · AI score 6.7 · EPSS 0.00087
Exploits 0 · References 2
CVE
added 2024/06/25 2:13 a.m. · 51 views

CVE-2024-6295

CVE-2024-6295 concerns the udn News Android APP, where the app stores the unencrypted user session in the local database after login. The connected CNNVD entry specifies that versions prior to 4.20.1 are affected, enabling a malicious app or an attacker with physical access to retrieve the sessio...

CVSS 3.9 · AI score 3.9 · EPSS 0.00087
Exploits 0 · References 2
NVD
added 2024/05/03 2:15 p.m. · 7 views

CVE-2023-41816

An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database...

CVSS 5 · AI score 5 · EPSS 0.00022
Exploits 0 · References 1