Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-37728 1 Elastic 1 Kibana 2026-04-15 5.4 Medium
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
CVE-2024-27109 2026-04-15 7.6 High
Insufficiently protected credentials in GE HealthCare EchoPAC products
CVE-2023-49233 1 Visual Planning 1 Admin Center 2026-04-15 8.8 High
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.
CVE-2025-24508 2026-04-15 6.4 Medium
Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage
CVE-2024-30119 1 Hcl Software 1 Dryice Optibot Reset Station 2026-04-15 3.7 Low
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header.  This could allow an attacker to intercept or manipulate data during redirection.
CVE-2024-51240 1 Openwrt 1 Luci 2026-04-15 8 High
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package
CVE-2025-41682 1 Bender 4 Cc612, Cc613, Icc13xx and 1 more 2026-04-15 8.8 High
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
CVE-2024-5176 2026-04-15 N/A
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.
CVE-2025-62794 1 Github-workflow-updater-extension 1 Github-workflow-updater-extension 2026-04-15 3.8 Low
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" api. An attacker with read only access to your home directory could have read this token and used it to perform actions with that token. Update to 0.0.7.
CVE-2025-6081 2026-04-15 6.8 Medium
Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker controlled LDAP service. This will allow the attacker to capture the plaintext password of the configured LDAP service.
CVE-2023-48010 2026-04-15 9.8 Critical
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.
CVE-2025-42897 1 Sap 1 Business One 2026-04-15 5.3 Medium
Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.
CVE-2024-28325 1 Asus 1 Rt-n12\+ B1 2026-04-15 6.1 Medium
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.
CVE-2025-61776 1 Dependencytrack 1 Dependency-track 2026-04-15 4.7 Medium
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to `api.nuget.org` via the HTTP `Authorization` header, and may disclose names and versions of components marked as internal to `api.nuget.org`. This can happen if the Dependency-Track instance contains .NET components, a custom NuGet repository has been configured, the custom repository has been configured with authentication credentials, and the repository server does not provide `PackageBaseAddress` resource in its service index. The issue has been fixed in Dependency-Track 4.13.5. Some workarounds are avaialble. Disable custom NuGet repositories until the patch has been applied, invalidate the previously used credentials, and generate new credentials for usage after the patch has been applied.
CVE-2025-0867 2026-04-15 9.9 Critical
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.
CVE-2024-28981 2026-04-15 8.5 High
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.
CVE-2025-35941 1 Myscada 1 Mypro 2026-04-15 5.5 Medium
A password is exposed locally.
CVE-2024-29071 1 Kddi 1 Hgw Bli500hm Firmware 2026-04-15 8.8 High
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.
CVE-2025-61482 2 Google, Privacyidea 2 Android, Privacyidea 2026-04-15 7.2 High
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets, enabling generation of valid one-time passwords, and bypassing authentication for enrolled accounts.
CVE-2024-53832 2026-04-15 4.6 Medium
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.