43 matches found
CVE-2021-47961
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...
CVE-2021-41090
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...
CVE-2024-39674
Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability...
EUVD-2014-2755
Malware in sbrugna...
EUVD-2002-2169
Malware in sbrugna...
EUVD-2017-7107
Malware in sbrugna...
EUVD-2019-15080
Malware in sbrugna...
EUVD-2024-36216
Malicious code in bioql PyPI...
EUVD-2023-49458
Malicious code in bioql PyPI...
EUVD-2024-43156
Malicious code in bioql PyPI...
CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintext(email) method is used and given...
CVE-2025-52586
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...
CVE-2025-54870
VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround thi...
CVE-2025-45702
CVE-2025-45702 affects SoftPerfect Pty Ltd Connection Quality Monitor v1.1. Multiple trusted sources report that the vulnerability stems from credentials being stored in plaintext, exposing sensitive data. The available documents do not provide concrete exploitation details, attacker vectors, or ...
Sensitive Data Exposure
Infinispan CLI is vulnerable to sensitive data exposure. The vulnerability is due to processing a Base64-decoded Kubernetes secret password in plaintext and including it in a command string, which may expose the data in error messages when a command is not found, allowing attackers to exploit thi...
CVE-2012-0070
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
CVE-2025-2189
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable...
BIT-KAFKA-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...
CVE-2024-41690 Default Credential Storage in Plaintext Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to...