75 matches found
CVE-2026-10540
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...
CVE-2025-71332
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...
CVE-2025-71332 Flowise - SQL Injection in importChatflows API via chatflow.id Parameter
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...
EUVD-2025-210326
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to ...
CVE-2017-20264 Joomla! Component Sponsor Wall 8.0 SQL Injection
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...
CVE-2017-20255
This CVE affects the Joomla! extension JB Visa 1.0. The vulnerability is an SQL injection in the visatype parameter that can be exploited via GET requests to index.php with option=com_bookpro and view=popup, allowing unauthenticated attackers to extract sensitive data (credentials and table conte...
Deserialization of Untrusted Data
Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of credential data stored in JdbcAssertingPartyMetadataRepositor...
CVE-2026-46443 Flowise: Credential Data Leak
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is...
CVE-2026-9628
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...
NPM: FlowiseAI Vulnerable to Credential Data Leak
NPM: FlowiseAI Vulnerable to Credential Data Leak vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
GHSA-7G73-99R4-M4MJ FlowiseAI Vulnerable to Credential Data Leak
Severity: HIGH CVSS 7.5 Type: CWE-200 Exposure of Sensitive Information File: packages/server/src/services/credentials/index.ts:62-71 Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omit...
FlowiseAI Vulnerable to Credential Data Leak
Severity: HIGH CVSS 7.5 Type: CWE-200 Exposure of Sensitive Information File: packages/server/src/services/credentials/index.ts:62-71 Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omit...
ALPINE-CVE-2026-40892
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsipauthcreatedigest2 in PJSIP when using pre-computed digest credentials PJSIPCREDDATADIGEST. The function copies credential data using credinfo-data.slen as the...
CVE-2026-40892
CVE-2026-40892 (PJSIP) : A stack buffer overflow exists in pjsip_auth_create_digest2() for 2.16 and earlier when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies cred_info->data.slen without an upper-bound check, which can overflow the fixed-size ha1 buffer (...
CVE-2026-3691
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization...
Malicious code in open-vp-cal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab8c06b5d7e9b98d62708ab7377d9e18a214e884c69b0c7217979121aed06917 When executing the module, the code installs a package from a remote location. The remote package contains malicious code exfiltrating selected env variables a...
Malicious Package
Overview typescript-rtk-query is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...
CVE-2018-25180 Maitra 1.7.2 SQL Injection and Database File Download
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...
CVE-2026-24762
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material access key, secret key, session token to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...