CVE-2020-9337

In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...

CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...

CVE-2018-19748

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug=admin=index=attachment= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a directory travers...

CVE-2025-46432

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...

Exploit for CVE-2024-32830

CVE-2024-32830-poc PoC code to download files with CVE-2024-32...

JetBrains TeamCity < 2025.03 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.03. It is, therefore, affected by a vulnerability as referenced in the TeamCity202503 advisory. - In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log CVE-2025-31139 - In JetBrain...

Arbitary file read through path traversal

Description: The code in genericutils.py has a path traversal vulnerability, which allows an attacker to control the file path provided to the ImageDocument class. This can lead to the reading of arbitrary files on the server, including sensitive system files, through base64 encoding and decoding...

The vulnerability of the CI/CD application integration and delivery system of JetBrains TeamCity, related to the disclosure of information through registration files, allows a hacker to disclose protected information.

The vulnerability of the Continuous Integration and Deployment Application Delivery system CI/CD of JetBrains TeamCity is related to the disclosure of information through registration files due to incorrect encoding based on the base64 standard. Exploiting this vulnerability can allow a malicious...

UBUNTU-CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

Horovod 命令注入漏洞

Horovod is a distributed training framework for TensorFlow, Keras, PyTorc h and Apache MXNet open-sourced by Horovod. A command injection vulnerability exists in Horovod v0.28.1 and earlier versions, which stems from ElasticRendezvousHandler mishandling base64-encoded data, which could lead to...

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild

A devastating new remote code execution RCE vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857, is already available online:...

CVE-2024-52292

Craft is a content management system CMS. The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg that originates from an insecure file extension check that can be bypassed to trigger an arbitrary demultiplexer by appending a base64-encoded dat...

CVE-2024-46341

TP-Link TL-WR845NUNV4190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...

CVE-2024-46341

TP-Link TL-WR845NUNV4190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...

CVE-2024-46341

TP-Link TL-WR845NUNV4190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...

CVE-2024-46341

The CVE-2024-46341 entry concerns TP-Link TL-WR845N(UN)_V4_190219, where credentials are transmitted in base64-encoded form. Multiple connected sources corroborate that this weak encoding can be decoded by an attacker performing a man-in-the-middle attack, exposing sensitive information. The avai...

CVE-2024-46341

TP-Link TL-WR845NUNV4190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...

PT-2024-31966 · Tp Link · Tp-Link Tl-Wr845N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR845NUN version V4 190219 Description: The issue concerns the transmission of credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. This allows the attacker to obtain...

CVE-2024-6515

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...