Monthly
Cleartext storage of sensitive parameters in Puppet's resource_api module (versions 1.5.0-1.9.1 and 2.0.0) causes passwords and other credential values to persist unmasked in the Puppet agent's local transaction state cache. The sensitive flag - intended to prevent exactly this exposure - is silently dropped during resource_api parameter processing, meaning any resource type built on this API and declaring sensitive parameters leaks those values to the cache filesystem. No public exploit exists and this is not listed in CISA KEV, but the confidentiality impact is high for environments where Puppet manages secrets such as database passwords or API tokens.
Cleartext credential disclosure in OpenProject's Storages module (versions prior to 17.3.3 and 17.4.1) writes the userless OneDrive/SharePoint OAuth access_token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, refreshed by an hourly cron and every userless-OAuth call. Because none of the supported cache backends (file_store, memcache, redis) encrypts at rest, an attacker who can read the cache backend retrieves the Azure-AD application-tier bearer token via an anonymous memcached/Redis get. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Medtronic MyCareLink Patient Monitor stores per-product credentials in a recoverable (non-hashed or weakly encrypted) format, allowing physical attackers with device access to extract these credentials and modify encrypted drive data without authentication. Affected models include the 24950 and 24952 monitors. The vulnerability requires physical access to the device (CVSS AV:P) but grants full confidentiality, integrity, and availability impact to stored patient data.
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Langflow up to version 1.8.3 stores authentication settings in cleartext on disk when processing project creation requests, allowing authenticated remote attackers to read sensitive credentials. The vulnerability exists in the create_project/encrypt_auth_settings function within the Project Creation Endpoint, where the auth_settings parameter bypasses encryption despite the function's intent. Publicly available exploit code exists, and the vendor has not released a patch or responded to disclosure notices.
SourceCodester Student Result Management System 1.0 stores authentication credentials in cleartext within an HTTP-accessible file (/login_credentials.txt), allowing unauthenticated remote attackers to retrieve sensitive login information with low complexity. The vulnerability has publicly available exploit code and carries a CVSS 5.3 score reflecting confidentiality impact without integrity or availability compromise.
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. [CVSS 6.5 MEDIUM]
Pterodactyl is a free, open-source game server management panel. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cleartext storage of sensitive parameters in Puppet's resource_api module (versions 1.5.0-1.9.1 and 2.0.0) causes passwords and other credential values to persist unmasked in the Puppet agent's local transaction state cache. The sensitive flag - intended to prevent exactly this exposure - is silently dropped during resource_api parameter processing, meaning any resource type built on this API and declaring sensitive parameters leaks those values to the cache filesystem. No public exploit exists and this is not listed in CISA KEV, but the confidentiality impact is high for environments where Puppet manages secrets such as database passwords or API tokens.
Cleartext credential disclosure in OpenProject's Storages module (versions prior to 17.3.3 and 17.4.1) writes the userless OneDrive/SharePoint OAuth access_token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, refreshed by an hourly cron and every userless-OAuth call. Because none of the supported cache backends (file_store, memcache, redis) encrypts at rest, an attacker who can read the cache backend retrieves the Azure-AD application-tier bearer token via an anonymous memcached/Redis get. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Sensitive key material extraction is possible in Siemens SIMATIC WinCC Unified PC Runtime versions V16 through V21 (prior to V21 Update 2) due to insufficient protection in the WinCC Certificate Manager component. A local attacker on an affected HMI/SCADA workstation could harvest cryptographic key material that protects operator certificates, potentially enabling impersonation or downstream attacks against industrial control networks. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Medtronic MyCareLink Patient Monitor stores per-product credentials in a recoverable (non-hashed or weakly encrypted) format, allowing physical attackers with device access to extract these credentials and modify encrypted drive data without authentication. Affected models include the 24950 and 24952 monitors. The vulnerability requires physical access to the device (CVSS AV:P) but grants full confidentiality, integrity, and availability impact to stored patient data.
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Langflow up to version 1.8.3 stores authentication settings in cleartext on disk when processing project creation requests, allowing authenticated remote attackers to read sensitive credentials. The vulnerability exists in the create_project/encrypt_auth_settings function within the Project Creation Endpoint, where the auth_settings parameter bypasses encryption despite the function's intent. Publicly available exploit code exists, and the vendor has not released a patch or responded to disclosure notices.
SourceCodester Student Result Management System 1.0 stores authentication credentials in cleartext within an HTTP-accessible file (/login_credentials.txt), allowing unauthenticated remote attackers to retrieve sensitive login information with low complexity. The vulnerability has publicly available exploit code and carries a CVSS 5.3 score reflecting confidentiality impact without integrity or availability compromise.
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. [CVSS 6.5 MEDIUM]
Pterodactyl is a free, open-source game server management panel. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.