CWE-260
23 CVEs classified under CWE-260.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-57754 | Critical | 9.8 | 2025-08-21 | eslint-ban-moment is an ESLint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI wit… |
| CVE-2017-7925 | Critical | 9.8 | 2017-05-06 | A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-… |
| CVE-2025-25022 | Critical | 9.6 | 2025-06-03 | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the envir… |
| CVE-2025-6513 | Critical | 9.3 | 2025-06-23 | Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it. |
| CVE-2019-3780 | Critical | 9.1 | 2019-03-08 | Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user… |
| CVE-2017-7923 | High | 8.8 | 2017-05-06 | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0… |
| CVE-2025-32111 | High | 8.7 | 2025-04-04 | The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout. |
| CVE-2021-35033 | High | 7.8 | 2021-11-23 | A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an… |
| CVE-2019-25465 | High | 7.5 | 2026-03-11 | Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploi… |
| CVE-2025-33093 | High | 7.5 | 2025-05-07 | IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. |
| CVE-2025-33119 | Medium | 6.5 | 2025-11-12 | IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. |
| CVE-2016-7043 | Medium | 5.9 | 2019-05-15 | It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deplo… |
| CVE-2025-36002 | Medium | 5.5 | 2025-10-16 | IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in… |
| CVE-2024-45673 | Medium | 5.5 | 2025-02-21 | IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gat… |
| CVE-2025-36100 | Medium | 5.1 | 2025-09-07 | IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and… |
| CVE-2024-49817 | Medium | 4.4 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged… |
| CVE-2025-15151 | Low | 3.7 | 2025-12-28 | A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This ma… |
| CVE-2023-2790 | Low | 2.3 | 2023-05-18 | A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/e… |
| CVE-2023-53770 | | | 2025-12-09 | MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files t… |
| CVE-2023-53739 | | | 2025-12-09 | Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files c… |