Lucene search
+L

8344 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 6:24 p.m.13 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:24 p.m.40 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48956

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 2:16 p.m.17 views

CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47781

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A heap buffer overflow occurs when audit logging is enabled. The create masked entry string function in auditlog.c copies a fixed-length password mask into a heap buffer without...

3.3CVSS6.2AI score0.00258EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

RHEL 7 : libsoup (RHSA-2026:24722)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24722 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References5
NVD
NVD
added 2026/06/08 7:16 p.m.12 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 6:26 p.m.39 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:26 p.m.8 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/08 6:26 p.m.25 views

CVE-2026-10786

CVE-2026-10786 affects Devolutions Server 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is improper access control in the ticketing integration settings that allows an authenticated low-privilege user to obtain cleartext credentials for configured ticketing integrations via a crafted API requ...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 6:26 p.m.9 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

5.5AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 6:26 p.m.13 views

EUVD-2026-35182

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.15 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 4:51 p.m.14 views

EUVD-2026-35136

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:51 p.m.3 views

CVE-2026-46481 OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.9AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 3:5 p.m.39 views

CVE-2020-37248

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS0.00186EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 3:5 p.m.39 views

CVE-2020-37248

OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/08 2:32 a.m.22 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.5AI score0.00254EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47430

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.4.0 Devolutions Server versions prior to 2026.1.20.0 Description Improper access control in the ticketing integration settings allows an authenticated low-privileged user to obtain cleartext credentials for...

6.5CVSS5.2AI score0.00148EPSS
Exploits0References5
Rows per page
Query Builder