Search Results (2319 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36002 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-10-25 | 5.5 Medium |
| IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user. | ||||
| CVE-2025-2322 | 1 274056675 | 1 Springboot-openai-chatgpt | 2025-10-24 | 7.3 High |
| A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-47818 | 1 Flocksafety | 1 Gunshot Detection Firmware | 2025-10-24 | 2.2 Low |
| Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection. | ||||
| CVE-2025-1100 | 1 Q-free | 1 Maxtime | 2025-10-24 | 9.8 Critical |
| A CWE-259 "Use of Hard-coded Password" for the root account in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH. | ||||
| CVE-2025-47823 | 1 Flocksafety | 1 License Plate Reader Firmware | 2025-10-23 | 2.2 Low |
| Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system. | ||||
| CVE-2025-47821 | 1 Flocksafety | 1 Gunshot Detection Firmware | 2025-10-23 | 2.2 Low |
| Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system. | ||||
| CVE-2025-35054 | 1 Newforma | 2 Project Center, Project Center Server | 2025-10-22 | 5.3 Medium |
| Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources. | ||||
| CVE-2025-57767 | 2 Asterisk, Sangoma | 2 Asterisk, Asterisk | 2025-10-20 | 7.5 High |
| Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn't being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds. | ||||
| CVE-2025-58286 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 3.3 Low |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-40774 | 1 Siemens | 1 Sipass Integrated | 2025-10-20 | 4.4 Medium |
| A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise. | ||||
| CVE-2025-43938 | 1 Dell | 1 Powerprotect Data Manager | 2025-10-20 | 5 Medium |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. | ||||
| CVE-2025-20286 | 4 Amazon, Cisco, Microsoft and 1 more | 4 Amazon Web Services, Identity Services Engine, Azure and 1 more | 2025-10-15 | 9.9 Critical |
| A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected. | ||||
| CVE-2024-9418 | 1 Superagi | 1 Superagi | 2025-10-15 | 6.5 Medium |
| In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover. | ||||
| CVE-2025-45702 | 1 Softperfect | 1 Connection Quality Monitor | 2025-10-10 | 6.5 Medium |
| SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext. | ||||
| CVE-2024-39459 | 1 Jenkins | 1 Plain Credentials | 2025-10-10 | 4.3 Medium |
| In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials). | ||||
| CVE-2025-2402 | 1 Knime | 1 Business Hub | 2025-10-08 | 8.6 High |
| A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds, therefore we strongly recommend updating to one of the following versions of KNIME Business Hub: 1.13.2 or later, 1.12.3 or later, 1.11.3 or later, 1.10.3 or later. | ||||
| CVE-2024-1228 | 2 Eurosoft, Eurosoftsp.zo.o | 2 Przychodnia, Eurosoft Przychodina | 2025-10-07 | 9.8 Critical |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (the vulnerability is fixed from that version onward). | ||||
| CVE-2014-2363 | 1 Morpho | 1 Itemiser 3 | 2025-10-06 | N/A |
| Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. | ||||
| CVE-2014-2354 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-10-03 | N/A |
| Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | ||||
| CVE-2024-3700 | 1 Estomed | 1 Simple Care | 2025-10-03 | 9.8 Critical |
| Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported. | ||||