22 matches found
CVE-2026-41319
MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...
CVE-2022-23236
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users...
EUVD-2002-1432
Malware in sbrugna...
EUVD-2012-6196
Malware in sbrugna...
EUVD-2007-4638
Malware in sbrugna...
EUVD-2005-4690
Malware in sbrugna...
EUVD-2023-23979
Malicious code in bioql PyPI...
EUVD-2025-21913
Malicious code in bioql PyPI...
CVE-2025-50200 RabbitMQ Node can log Basic Auth header from an HTTP request
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs authorization headers in plaintext, encoded in base64. When the RabbitMQ API is queried over HTTP/s with basic authentication, it creates logs with all headers in the request, including authorization headers which...
CVE-2021-20171
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
CVE-1999-0397
The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext...
CVE-2024-36790
Netgear WNR614 JNR1010V2/N300-V1.1.0.541.0.1 was discovered to store credentials in plaintext...
CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the serv...
CVE-2023-52341
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure with no additional execution privileges needed...
Design/Logic Flaw
membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts...
CVE-2002-1096
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code...
DBTools DBManager catalog.mdb Plaintext Local Credential Disclosure
The remote host is running DBManager from DBTool - a GUI to manage MySQL and PostgreSQL databases. This program stores the passwords and IP addresses of the managed databases in an unencrypted file. A local attacker could use the data in this file to log into the managed databases and execute...