MCP Client Configuration File Detected

MCP Model Context Protocol configuration files allow specific softwares such as IDEs like Cursor to interact with MCP servers. These files may contain sensitive information which could assist an attack to conduct further attacks. No source data...

Oracle Linux 9 : php:8.3 (ELSA-2025-7418)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7418 advisory. php 8.3.19-1 - rebase to 8.3.19 8.3.15-1 - rebase to 8.3.15 8.3.12-1 - rebase to 8.3.12 RHEL-62189 - enable command history in phpdbg - backport Argon2...

CVE-2022-34800

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVE-2022-23497

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...

CVE-2021-37468

NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files...

CVE-2021-25235

An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file...

CVE-2021-37452

NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files...

CVE-2021-3722

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation...

CVE-2021-3451

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations...

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files...

CVE-2020-6961

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station CSCS Versions 1.X, a vulnerability exists in the affected products that could allow...

CVE-2020-13451

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros...

CVE-2020-9518

Login filter can access configuration files vulnerability in Micro Focus Service Manager Web Tier, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data...

CVE-2020-15784

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP8. Insecure storage of sensitive information in the configuration files could allow the retrieval of user names...

CVE-2020-1171

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192...

CVE-2020-2209

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2020-6968

Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files...

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

CVE-2014-9579

VDG Security SENSE formerly DIVA 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files...