789 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-45362

Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file...

CVSS: 3.2, AI score: 5.4, EPSS: 0.00004
Exploits: 0, References: 1
RedhatCVE
added yesterday, 3 views

CVE-2026-49200

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

CVSS: 10, AI score: 5.5, EPSS: 0.00059
Exploits: 0, References: 1
Cvelist
added 2 days ago, 33 views

CVE-2026-45432 Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

CVSS: 8.7, EPSS: 0.0011
Exploits: 0, References: 1
Vulnrichment
added 2 days ago, 4 views

CVE-2026-45432 Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

CVSS: 8.7, AI score: 5.8, EPSS: 0.0011
Exploits: 0, References: 1
ATTACKERKB
added 3 days ago, 4 views

CVE-2023-52951

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 2
Vulnrichment
added 3 days ago, 4 views

CVE-2023-52951

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 1
Nuclei
added 5 days ago, 124 views

SonarQube - Authentication Bypass

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. id: CVE-2020-27986 info: name: SonarQube - Authentication Bypass author: pikpikcu severity: high description: | SonarQube 8.4.2.36762 allows remote attackers to...

CVSS: 7.5, AI score: 7.2, EPSS: 0.92573
Exploits: 0, References: 5
NVD
added 2026/05/29 8:16 p.m., 12 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

CVSS: 2, EPSS: 0.00007
Exploits: 0, References: 2
NVD
added 2026/05/29 9:16 a.m., 12 views

CVE-2026-49200

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

CVSS: 10, EPSS: 0.00059
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/29 8:51 a.m., 14 views

CVE-2026-49200

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

CVSS: 10, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 2
Vulnrichment
added 2026/05/29 8:51 a.m., 8 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

CVSS: 10, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 1
EUVD
added 2026/05/29 8:51 a.m., 9 views

EUVD-2026-33270

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

CVSS: 10, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 1
Cvelist
added 2026/05/29 8:51 a.m., 32 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

CVSS: 10, EPSS: 0.00059
Exploits: 0, References: 1
CVE
added 2026/05/29 8:51 a.m., 20 views

CVE-2026-49200

The CVE-2026-49200 entry affects Acer Wave 7 router firmware. The root issue is that the acer_cgi.log file is accessible without authentication via the web interface, and this log contains cleartext credentials for web and Telnet. This exposure can lead to unauthorized system access and high impa...

CVSS: 10, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 1
Positive Technologies
added 2026/05/29 12:0 a.m., 9 views

PT-2026-44973

Name of the Vulnerable Software and Affected Versions: StrongDM Desktop Application versions prior to 23.74.0; StrongDM Desktop Client versions prior to 53.77.0. Description: On Microsoft Windows, the software stores authentication state in cleartext within a per-user state file located at...

CVSS: 2, AI score: 5.8, EPSS: 0.00007
Exploits: 0, References: 14
Positive Technologies
added 2026/05/29 12:0 a.m., 7 views

PT-2026-44770

Name of the Vulnerable Software and Affected Versions: Acer Wave 7 router (affected versions not specified). Description: The acer cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for both web and Telnet...

CVSS: 10, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 7
Github Security Blog
added 2026/05/28 5:52 p.m., 14 views

OpenBao's Inline Auth Incorrectly Redacted Headers

Impact: OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...

AI score: 5.8
Exploits: 0, References: 6, Affected Software: 1
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in lynx

Lynx versions up to 2.8.9 mishandled the userinfo subcomponent of a URI, allowing remote attackers to discover cleartext credentials, as these credentials might appear in SNI data...

CVSS: 5.3, AI score: 6.6, EPSS: 0.04281
Exploits: 0, References: 1
EUVD
added 2026/05/14 9:30 p.m., 5 views

EUVD-2026-30372

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

AI score: 5.9, EPSS: 0.00015
Exploits: 0, References: 2
CVE
added 2026/05/14 12:0 a.m., 9 views

CVE-2026-38740

CVE-2026-38740 affects the Foscam VD1 Video Doorbell (pre‑V5.3.13_1072). The root cause is cleartext transmission of sensitive SDP data, including ICE credentials and candidates, exposed over network interfaces. An attacker with network visibility can intercept these credentials to hijack media s...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00015
Exploits: 0, References: 1