Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4593 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1800 | 1 Phprank | 1 Phprank | 2026-04-16 | 7.5 High |
| phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | ||||
| CVE-2001-0103 | 1 Coffeecup Software | 2 Coffeecup Direct Ftp, Coffeecup Free Ftp | 2026-04-16 | N/A |
| CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords. | ||||
| CVE-2000-0589 | 1 Sawmill | 1 Sawmill | 2026-04-16 | N/A |
| SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration. | ||||
| CVE-2003-1389 | 1 Research Triangle Software | 1 Cryptobuddy | 2026-04-16 | N/A |
| RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. | ||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2026-04-16 | 5.5 Medium |
| Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | ||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2026-04-16 | 7.5 High |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2026-04-16 | 5.5 Medium |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | ||||
| CVE-2001-1473 | 1 Ssh | 1 Ssh | 2026-04-16 | N/A |
| The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target. | ||||
| CVE-2005-3140 | 1 Procom | 2 Netforce 800, Netforce 800 Firmware | 2026-04-16 | 7.5 High |
| Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | ||||
| CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2026-04-16 | 7.5 High |
| The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | ||||
| CVE-2001-1537 | 1 Symfony | 1 Twig | 2026-04-16 | 7.5 High |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | ||||
| CVE-2005-2069 | 3 Openldap, Padl, Redhat | 4 Openldap, Nss Ldap, Pam Ldap and 1 more | 2026-04-16 | N/A |
| pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | ||||
| CVE-2001-1481 | 1 Xitami | 1 Xitami | 2026-04-16 | 9.8 Critical |
| Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. | ||||
| CVE-2001-1463 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | N/A |
| The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. | ||||
| CVE-2005-0844 | 1 Nortel | 1 Contivity | 2026-04-16 | N/A |
| Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | ||||
| CVE-2006-0591 | 2 Redhat, Solar Designer | 2 Enterprise Linux, Crypt Blowfish | 2026-04-16 | N/A |
| The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. | ||||
| CVE-2002-2379 | 1 Cisco | 1 As5350 | 2026-04-16 | N/A |
| Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor | ||||
| CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2026-04-16 | 7.5 High |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | ||||
| CVE-2026-23655 | 1 Microsoft | 3 Confidental Containers, Confidential Sidecar Containers, Microsoft Aci Confidential Containers | 2026-04-15 | 6.5 Medium |
| Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-35644 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 6.5 Medium |
| OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components. | ||||