419 matches found
Credential Leakage
Requests is vulnerable to credential leakage. The vulnerability is due to a URL parsing issue that may expose .netrc credentials to third parties for specially crafted URLs, allowing attackers to exfiltrate sensitive authentication data...
Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised...
CVE-2024-41290
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
CVE-2023-30846
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...
CVE-2022-46316
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability...
CVE-2021-27395
A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier All versions, SIMATIC Process Historian 2014 All versions SP3 Update 6, SIMATIC Process Historian 2019 All versions, SIMATIC Process Historian 2020 All versions. An interface in the software that is used for critica...
CVE-2019-17394
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...
CVE-2006-7199
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is...
[SECURITY] [DLA 4175-1] mongo-c-driver security update
Debian LTS Advisory DLA-4175-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez May 20, 2025 https://wiki.debian.org/LTS Package : mongo-c-driver Version : 1.17.6-1+deb11u1 CVE ID : CVE-2021-32050 CVE-2023-0437 CVE-2024-6381 CVE-2024-6383 CVE-2025-0755 Multiple...
Debian dla-4175 : libbson-1.0-0 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4175 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4175-1 [email protected]...
i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key
Overview: i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains the vulnerability below: use of hard-coded cryptographic key (CWE-321). Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was completed, i-PRO Co., Ltd...
i-PRO Surveillance Cameras and i-PRO Recorders security vulnerability
i-PRO Surveillance Cameras and i-PRO Recorders are both products of i-PRO Japan. i-PRO Surveillance Cameras are a line of surveillance cameras. i-PRO Recorders are a line of video recorders. A security vulnerability exists in i-PRO Surveillance Cameras and i-PRO Recorders that stems from the use ...
The vulnerability of the UPnP Device Host operating system in Windows allows a hacker to increase their privileges.
The vulnerability of the UPnP Device Host operating system in Windows relates to the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...
Octopus Deploy security vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Australia. A security vulnerability exists in Octopus Deploy that stems from the fact that the server can be induced to send requests containing authentication material, which could...
The vulnerability of the upnphost.dll library in the Windows operating system, which allows attackers to escalate their privileges
The vulnerability of the upnphost.dll library in the Windows operating system is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Windows Update Stack component of the Microsoft Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows Update Stack component of the Microsoft Windows operating system is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Windows Graphics component in Windows operating systems allows attackers to elevate their privileges to system level.
The vulnerability of the Windows Graphics component in Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to system level...
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems lies in the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...