AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)

When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...

CVE-2021-31817

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext...

CVE-2022-23236

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users...

CVE-2025-65009

CVE-2025-65009 affects the WODESYS WD-R608U router (WDR122B V2.0 / WDR28). The admin password is stored in plaintext in a configuration file and can be accessed by an unauthorized user via direct reference to the resource. Only version WDR28081123OV1.01 has been tested and confirmed vulnerable; o...

CVE-2025-63361

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to render the Administrator password in plaintext...

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope has a trust management issue vulnerability that stems from...

EUVD-2000-1184

Malware in sbrugna...

EUVD-2007-2758

Malware in sbrugna...

CVE-2025-55976

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint...

CVE-2025-52351

CVE-2025-52351 affects Aikaan IoT management platform v3.25.0325-5-g2e9c59796. The vulnerability arises from sending a newly generated password to users in plaintext via email and including the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz...

CVE-2020-25184

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could...

Siemens LOGO! 安全漏洞

Siemens LOGO! BM Base Module devices are used for basic small-scale automation tasks.SIPLUS extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO! SIPLUS devices use the same firmware as the products on which they are based. A password...

Statamic CMS Security Vulnerability

Statamic is a powerful flat file Cms built on Laravel by Statamic USA. used to store all content, templates, assets and settings in a file instead of a database. A security vulnerability exists in Statamic CMS versions 5.3.0 through 5.6.1, which stems from a user's password confirmation informati...

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager that stems from a password plaintext storage vulnerability...

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager 2023.1.9 and earlier, which stems from an information disclosure vulnerability that could allow ...

SUSE CVE-2003-1439

Secure Internet Live Conferencing SILC 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information...

Palo Alto Networks Cortex XDR 安全漏洞

Palo Alto Networks Cortex XDR is an extended detection and response platform that natively integrates network, endpoint, cloud, and third-party data from Palo Alto Networks, USA. A security vulnerability exists in the Palo Alto Networks Cortex XDR agent that originates from a local system...

CVE-2022-34802

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2021-20171

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...

Sifchain: A password in plain text in conf file

I found a password in plain text in \sifnode-develop\ui\e2e\config.js in the source code. password: "coolguy21" Impact I don't know actually how does this affects but passwords in plaintexts are always dangerous...