Monthly
ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 store user credentials in plain text within local filesystem locations, allowing any local user to read sensitive authentication material without authentication. This information disclosure vulnerability affects confidentiality but not integrity or availability, and requires local filesystem access to exploit.
Langflow up to version 1.8.3 stores API credentials without encryption in the remove_api_keys and has_api_terms functions, allowing remote attackers with high privileges to disclose sensitive credentials through the Flow Using API component. The vulnerability has publicly available exploit code, though real-world exploitation likelihood is constrained by the requirement for high-privilege access; vendor has not responded to disclosure.
Sparx Pro Cloud Server 6.0.163 stores user passwords in plaintext when OpenID authentication is configured, allowing remote unauthenticated attackers to extract credentials with network access to the backend database or file system. CVSS 9.3 (Critical) reflects network-accessible plaintext credential exposure. EPSS score of 0.05% (15th percentile) indicates low probability of widespread exploitation despite severity. No active exploitation confirmed (not in CISA KEV), but SSVC classifies as automatable with total technical impact. Vendor has released version 6.1 with fix per change history.
Plaintext credential storage in OpenPLC_V3 enables network-based attackers to retrieve authentication credentials without requiring prior authentication or user interaction, leading to complete system compromise. The CVSS v4.0 score of 9.2 reflects critical-severity risk from network-accessible credential exposure affecting confidentiality and integrity across all OpenPLC_V3 deployments. No public exploit identified at time of analysis.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 store user credentials and other sensitive information in plain text, allowing local users to read this data. This is a high-severity information disclosure vulnerability with a CVSS score of 7.1, primarily due to the potential for complete confidentiality breach across security boundaries. A patch is available from IBM, and there is no evidence of active exploitation or public proof-of-concept at this time.
NATS.io nats-server versions prior to v2.12.6 and v2.11.15 expose MQTT user passwords through unsecured monitoring endpoints. The vulnerability incorrectly classifies MQTT passwords as non-authenticating identity statements (JWT), causing them to leak via monitoring APIs accessible over the network without authentication. With a CVSS score of 8.6 and network-based attack vector requiring no privileges, this poses significant risk to credential confidentiality in MQTT deployments, though no active exploitation (KEV) or public proof-of-concept is currently documented.
The Nexxt Solutions Nebula 300+ wireless router stores sensitive administrative credentials and WiFi pre-shared keys in plaintext within exported configuration backup files, enabling information disclosure through CWE-256 (Plaintext Storage of Password). This vulnerability affects firmware versions through 12.01.01.37 and allows an attacker who gains access to a backup file to immediately obtain full administrative and wireless network access without requiring cryptographic attacks. No CVSS score, EPSS data, or active KEV designation is currently available, but the plaintext credential exposure represents a critical risk for any environment relying on configuration backups.
A remote code execution vulnerability in CityData CityChat (CVSS 2.5). Risk factors: public PoC available.
A remote code execution vulnerability in Albert Sağlık Hizmetleri ve Ticaret Albert Health (CVSS 2.5). Risk factors: public PoC available.
ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 store user credentials in plain text within local filesystem locations, allowing any local user to read sensitive authentication material without authentication. This information disclosure vulnerability affects confidentiality but not integrity or availability, and requires local filesystem access to exploit.
Langflow up to version 1.8.3 stores API credentials without encryption in the remove_api_keys and has_api_terms functions, allowing remote attackers with high privileges to disclose sensitive credentials through the Flow Using API component. The vulnerability has publicly available exploit code, though real-world exploitation likelihood is constrained by the requirement for high-privilege access; vendor has not responded to disclosure.
Sparx Pro Cloud Server 6.0.163 stores user passwords in plaintext when OpenID authentication is configured, allowing remote unauthenticated attackers to extract credentials with network access to the backend database or file system. CVSS 9.3 (Critical) reflects network-accessible plaintext credential exposure. EPSS score of 0.05% (15th percentile) indicates low probability of widespread exploitation despite severity. No active exploitation confirmed (not in CISA KEV), but SSVC classifies as automatable with total technical impact. Vendor has released version 6.1 with fix per change history.
Plaintext credential storage in OpenPLC_V3 enables network-based attackers to retrieve authentication credentials without requiring prior authentication or user interaction, leading to complete system compromise. The CVSS v4.0 score of 9.2 reflects critical-severity risk from network-accessible credential exposure affecting confidentiality and integrity across all OpenPLC_V3 deployments. No public exploit identified at time of analysis.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 store user credentials and other sensitive information in plain text, allowing local users to read this data. This is a high-severity information disclosure vulnerability with a CVSS score of 7.1, primarily due to the potential for complete confidentiality breach across security boundaries. A patch is available from IBM, and there is no evidence of active exploitation or public proof-of-concept at this time.
NATS.io nats-server versions prior to v2.12.6 and v2.11.15 expose MQTT user passwords through unsecured monitoring endpoints. The vulnerability incorrectly classifies MQTT passwords as non-authenticating identity statements (JWT), causing them to leak via monitoring APIs accessible over the network without authentication. With a CVSS score of 8.6 and network-based attack vector requiring no privileges, this poses significant risk to credential confidentiality in MQTT deployments, though no active exploitation (KEV) or public proof-of-concept is currently documented.
The Nexxt Solutions Nebula 300+ wireless router stores sensitive administrative credentials and WiFi pre-shared keys in plaintext within exported configuration backup files, enabling information disclosure through CWE-256 (Plaintext Storage of Password). This vulnerability affects firmware versions through 12.01.01.37 and allows an attacker who gains access to a backup file to immediately obtain full administrative and wireless network access without requiring cryptographic attacks. No CVSS score, EPSS data, or active KEV designation is currently available, but the plaintext credential exposure represents a critical risk for any environment relying on configuration backups.
A remote code execution vulnerability in CityData CityChat (CVSS 2.5). Risk factors: public PoC available.
A remote code execution vulnerability in Albert Sağlık Hizmetleri ve Ticaret Albert Health (CVSS 2.5). Risk factors: public PoC available.