15 matches found

CVE
added 2026/04/15 7:3 a.m. · 4 views

CVE-2026-5088

CVE-2026-5088 affects Apache::API::Password for Perl up to version 0.5.2, where salts may be generated with non-cryptographically secure randomness. The _make_salt and _make_salt_bcrypt routines attempt Crypt::URandom and Bytes::Random::Secure; if these modules are unavailable, salts are produced...

CVSS 7.5 · AI score 5.8 · EPSS 0.00019
Exploits: 0 · References: 6 · Affected Software: 1

Cvelist
added 2026/04/15 7:3 a.m. · 26 views

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

EPSS 0.00019
Exploits: 0 · References: 4

Positive Technologies
added 2026/04/15 12:0 a.m. · 1 views

PT-2026-33009

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simpl...

AI score 5.8 · EPSS 0.00019
Exploits: 0 · References: 4

Vulnrichment
added 2025/10/08 7:32 a.m. · 3 views

CVE-2025-11443 JhumanJ OpnForm Forgotten Password email information exposure

A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation causes information exposure through discrepancy. It is possible to initiate the attack remotely. The attac...

CVSS 6.3 · AI score 4.3 · EPSS 0.00046
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-6989

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.1 · EPSS 0.00115
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-9793

Malicious code in bioql PyPI...

CVSS 10 · AI score 9.2 · EPSS 0.00403
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:44 a.m. · 5 views

CVE-2023-22481

FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear text in users//logapi.txt in the case where the authentication fails. The issue occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...

CVSS 5.5 · AI score 7 · EPSS 0.00048
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 4:37 a.m. · 4 views

CVE-2023-35039

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...

CVSS 9.8 · AI score 8.7 · EPSS 0.00681
Exploits: 0 · References: 1

CNNVD
added 2025/05/11 12:0 a.m. · 3 views

ContiNew Admin security vulnerability

ContiNew Admin is ContiNew's open-source, continuously iterated framework for middle- and back-office management systems with separated front end and back end. A security vulnerability exists in ContiNew Admin 3.6.0 and earlier versions, which stems from an unauthenticated password change...

CVSS 8.1 · AI score 5.5 · EPSS 0.00417
Exploits: 1 · References: 2

Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-28460 · Entrust · Entrust Instant Financial Issuance

Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance formerly known as Cardwizard versions 6.8.x and earlier, 6.9.0, 6.9.1, 6.9.2, 6.10.0 Description: The issue concerns the use of a DLL library with a custom AES encryption process that relies on static...

CVSS 6.6 · AI score 7.5 · EPSS 0.00107
Exploits: 0 · References: 7

OSV
added 2023/04/15 8:16 p.m. · 1 views

DEBIAN-CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

CVSS 6.3 · AI score 6.6 · EPSS 0.00207
Exploits: 0 · References: 1

Prion
added 2021/12/23 8:15 p.m. · 8 views

Design/Logic Flaw

mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...

CVSS 7.5 · AI score 9.5 · EPSS 0.00403
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/12/23 7:48 p.m. · 14 views

CVE-2021-22657 mySCADA myPRO

mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...

CVSS 10 · AI score 9.7 · EPSS 0.00403
Exploits: 0 · References: 1

OSV
added 2021/09/29 8:15 p.m. · 2 views

CVE-2021-39342

The CredovaFinancial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8...

CVSS 7.5 · AI score 5.6 · EPSS 0.00131
Exploits: 0 · References: 2

Hacker One
added 2019/12/29 4:49 p.m. · 15 views

U.S. Dept Of Defense: Git repo on https://██████.mil/ discloses API password

Summary: I found a .git repository on https://███████.mil/.git which discloses an API password for Yubikey on 2 different domains, together with full source code. Description: Fetching the git repository and decompressing the objects results in the ability to read the source code of the server,...

AI score 7.2
Exploits: 0