Export limit exceeded: 16468 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359546 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4580 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12679 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 6.5 Medium |
| A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | ||||
| CVE-2025-12680 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 4.9 Medium |
| Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password. | ||||
| CVE-2025-12774 | 2 Broadcom, Brocade | 2 Sannav, Sannav | 2026-03-03 | 7.5 High |
| A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of database tables and encrypted passwords. | ||||
| CVE-2024-55928 | 1 Xerox | 1 Workplace Suite | 2026-02-28 | 6.5 Medium |
| Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption | ||||
| CVE-2025-21422 | 1 Qualcomm | 443 Aqt1000, Aqt1000 Firmware, Ar8035 and 440 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses. | ||||
| CVE-2025-27903 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 5.9 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-21482 | 1 Qualcomm | 575 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 572 more | 2026-02-26 | 7.1 High |
| Cryptographic issue while performing RSA PKCS padding decoding. | ||||
| CVE-2025-53139 | 1 Microsoft | 17 Windows, Windows 10, Windows 10 21h2 and 14 more | 2026-02-26 | 7.7 High |
| Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-11492 | 1 Connectwise | 1 Automate | 2026-02-26 | 9.6 Critical |
| In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications. | ||||
| CVE-2025-13454 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | 5.5 Medium |
| A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | ||||
| CVE-2025-13453 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | 4.6 Medium |
| A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive. | ||||
| CVE-2023-40238 | 2 Fujitsu, Insyde | 373 Celsius C780, Celsius C780 Firmware, Celsius H5511 and 370 more | 2026-02-25 | 5.5 Medium |
| A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. | ||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | 7.5 High |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | ||||
| CVE-2023-50703 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2026-02-25 | 6.3 Medium |
| An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | ||||
| CVE-2022-40295 | 1 Phppointofsale | 1 Php Point Of Sale | 2026-02-25 | 4.9 Medium |
| The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks. | ||||
| CVE-2024-38891 | 1 Horizoncloud | 1 Caterease | 2026-02-24 | 9.1 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information. | ||||
| CVE-2025-14836 | 1 Zzcms | 1 Zzcms | 2026-02-24 | 2.7 Low |
| A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2024-5462 | 1 Broadcom | 1 Fabric Operating System | 2026-02-23 | 7.5 High |
| If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified. | ||||
| CVE-2025-55334 | 1 Microsoft | 10 Windows, Windows 11, Windows 11 22h2 and 7 more | 2026-02-22 | 6.2 Medium |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-55248 | 4 Apple, Linux, Microsoft and 1 more | 22 Macos, Linux Kernel, .net and 19 more | 2026-02-22 | 4.8 Medium |
| Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||||