46 matches found
CVE-2025-45466
Unitree Go1 = Go120220511 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...
CVE-2022-43958
A vulnerability has been identified in QMS Automotive All versions V12.39, QMS Automotive All versions V12.39. User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users...
HMS EWON FLEXY 202 安全漏洞
HMS EWON FLEXY 202 is a multi-purpose IIoT data gateway from HMS Sweden. Allows machine builders and users to monitor and collect important KPIs for analysis and predictive maintenance. A security vulnerability exists in the HMS EWON FLEXY 202 that stems from transmitting user credentials in...
CVE-2022-45157 Exposure of vSphere's CPI and CSI credentials in Rancher
A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...
CVE-2024-25024
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430...
CVE-2024-6833 Zowe CLI Auto-Init Leaks Credentials Locally
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-36790
Netgear WNR614 JNR1010V2/N300-V1.1.0.541.0.1 was discovered to store credentials in plaintext...
PT-2024-14279 · Skyworth · Skyworth Router Cm5100
Name of the Vulnerable Software and Affected Versions: Skyworth Router CM5100 version 4.1.1.24 Description: This issue exists due to the transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this by eavesdropping on the victim’s network traffic ...
Default credentials
EisBaer Scada - CWE-256: Plaintext Storage of a Password...
CVE-2023-40724
A vulnerability has been identified in QMS Automotive All versions V12.39. User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation...
SUSE CVE-2017-13771
Lexmark Scan To Network SNF 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to 1 cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or 2...
Qualys Cloud Agent 日志信息泄露漏洞
Qualys Cloud Agent is a lightweight application from Qualys USA, Inc. A single agent for real-time, global visibility and response. A log message disclosure vulnerability exists in Qualys Cloud Agent version 4.8.0-49 that originates from accidentally writing credentials from environment variables...
PT-2022-23303 · Airspan · Airspan Airvelocity 1500
Name of the Vulnerable Software and Affected Versions: Airspan AirVelocity 1500 versions prior to 15.18.00.2511 Description: The web management UI of the affected software displays SNMP credentials in plaintext and stores SNMPv3 credentials unhashed on the filesystem. This allows anyone with web...
CVE-2022-27548
HCL Launch stores user credentials in plain clear text which can be read by a local user...
HCL Technologies HCL Launch 安全漏洞
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India. for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from storing...
CloudBees Jenkins DeployHub Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . DeployHub Plugin is used in which an...
Lenovo XClarity Administrator Information Disclosure Vulnerability (CNVD-2020-19571)
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo LXCA version 2.6.0, which originated...
Unspecified Vulnerability in CloudBees Jenkins Google Calendar Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Google Calendar Plugin is used in one of the...
CVE-2019-10435
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...
CVE-2019-10421
Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...