27 matches found
GHSA-JF4F-RR2C-9M58 SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
Impact: When SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI. Patches: v1.51.1. Workarounds: Change the log level to warn or error...
EUVD-2026-21041
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...
CVE-2026-35556 Plaintext storage of a password in OpenPLC_V3
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...
CVE-2026-23370
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data setnewpassword hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking...
CVE-2026-30796
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Address book sync API modules allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling...
ChurchCRM security vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM versions prior to 6.5.0 that stems from a plaintext password fallback issue that could lead to credential disclosure...
VulnCheck KEV: CVE-2018-13317
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm...
CVE-2025-43938
Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to...
infinispan: Credential Leakage in Infinispan CLI
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...
MICI NetFax Server security vulnerability
MICI NetFax Server is a product suite from China's MICI Corporation designed to receive fax messages to user mailboxes via e-mail traffic. A security vulnerability exists in MICI NetFax Server versions prior to 3.0.1.0, which originates from the possibility that an authenticated user could...
CVE-2024-6118
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file...
Teledyne FLIR M300 security vulnerability
The Teledyne FLIR M300 is a camera surveillance device from Teledyne FLIR, USA. A security vulnerability exists in Teledyne FLIR M300 version 2.00-19, which originates from a user account password that is locally encrypted and can be decrypted into plaintext using a utility program...
MobileIron Sentry security vulnerability
MobileIron Sentry is a smart gateway product from MobileIron, Inc. A security vulnerability exists in Mobileiron Sentry versions prior to 24.4.1, which originates from the disclosure of a superuser's plaintext password in logs...
ovirt-engine: RHVM admin password is logged unfiltered when using otopi-style
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otopi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss...
NOKIA 1350 OMS security vulnerability
NOKIA 1350 OMS is an optical management system from the Finnish company Nokia. A security vulnerability exists in NOKIA 1350 OMS version R14.2, which originates from the presence of a plaintext administrator password in the Edit Configuration page...
Transtek Mojodat FAM security vulnerability
Transtek Mojodat FAM is a fixed asset management software from Transtek Lebanon. A security vulnerability exists in Transtek Mojodat FAM Fixed Asset Management version 2.4.6, which originates from a vulnerability that could allow a remote attacker to obtain a plaintext password after a successful...
CVE-2022-23236
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users...
CVE-2022-23129
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...
samba: SMB1 client connections can be downgraded to plaintext authentication
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required...
DELL Dell EMC Unity and UnityVSA information disclosure vulnerability
Dell EMC Unity and UnityVSA are both products of Dell Corporation, U.S.A. Dell EMC Unity is a unified storage array product. UnityVSA is a suite of virtual Unity storage environments. A security vulnerability exists in Dell EMC Unity, Unity XT, and UnityVSA that stems from a plaintext...