Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60794 | 2025-11-21 | N/A | 6.5 MEDIUM | ||
| Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking. | |||||
| CVE-2025-61713 | 1 Fortinet | 1 Fortipam | 2025-11-20 | N/A | 4.2 MEDIUM |
| A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands. | |||||
| CVE-2025-4618 | 2025-11-18 | N/A | N/A | ||
| A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue. | |||||
| CVE-2024-25649 | 1 Delinea | 1 Secret Server | 2025-11-13 | N/A | 6.7 MEDIUM |
| In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies. | |||||
| CVE-2025-42888 | 2025-11-12 | N/A | 5.5 MEDIUM | ||
| SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and availability. | |||||
| CVE-2025-60791 | 2025-10-30 | N/A | 6.2 MEDIUM | ||
| Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump and then they can be used to activate the software on the same machine without purchasing. | |||||
| CVE-2025-48930 | 1 Smarsh | 1 Telemessage | 2025-10-22 | N/A | 2.8 LOW |
| The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues. | |||||
| CVE-2025-9970 | 2025-10-08 | N/A | 7.4 HIGH | ||
| Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21. | |||||
| CVE-2014-2366 | 1 Advantech | 1 Advantech Webaccess | 2025-10-06 | 9.0 HIGH | N/A |
| upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
| CVE-2024-24915 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-03 | N/A | 6.1 MEDIUM |
| Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them. | |||||
| CVE-2025-52579 | 2025-07-15 | N/A | 9.4 CRITICAL | ||
| Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory before freeing it. | |||||
| CVE-2025-50109 | 2025-07-15 | N/A | 7.7 HIGH | ||
| Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere. | |||||
| CVE-2024-33900 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2024-33901 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2024-36792 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.2 HIGH |
| An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. | |||||
| CVE-2024-49800 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | |||||
| CVE-2024-39732 | 1 Ibm | 1 Datacap | 2024-11-21 | N/A | 4.1 MEDIUM |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. | |||||
| CVE-2023-44153 | 4 Acronis, Apple, Linux and 1 more | 4 Cyber Protect, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
| CVE-2023-40724 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation. | |||||
| CVE-2023-3762 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||