AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)

When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...

CVE-2018-1000176

An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's w...

Siemens SICAM Q100/Q200 Cleartext Storage of Sensitive Information (CVE-2025-40753)

Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes. This plugin only works with Tenable.ot. Please visit...

EUVD-2019-19224

Malware in sbrugna...

EUVD-2018-7616

Malware in sbrugna...

EUVD-2020-29223

Malware in sbrugna...

EUVD-2021-17066

Malware in sbrugna...

EUVD-2022-2556

Malicious code in bioql PyPI...

EUVD-2022-4028

Malicious code in bioql PyPI...

EUVD-2024-31679

Malicious code in bioql PyPI...

EUVD-2024-47740

Malicious code in bioql PyPI...

EUVD-2023-56425

Malicious code in bioql PyPI...

Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability

SIEMENS POWER METER SICAM Q100 and Siemens POWER METER SICAM Q200 are multifunctional power quality recorders from Siemens. An information disclosure vulnerability exists in the Siemens POWER METER SICAM Q100/Q200, which can be exploited by an attacker to extract the password of an SMTP account a...

PT-2025-32656 · Siemens · Sicam Q100 +1

Name of the Vulnerable Software and Affected Versions: POWER METER SICAM Q100 versions 2.60 through 2.61 POWER METER SICAM Q200 versions 2.70 through 2.79 Description: Affected devices export the password for the SMTP account as plain text in the configuration file. This could allow an...

CVE-2024-3073

The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possibl...

CVE-2024-6694

The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with...

CVE-2023-51728

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

CVE-2018-15748

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...

CVE-2019-9868

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator...