Lucene search
+L

77 matches found

RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.7 views

CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...

8.6CVSS5.6AI score0.8056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.6 views

CVE-2026-24762

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material access key, secret key, session token to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...

7.5CVSS5.3AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.12 views

PT-2026-5305

Name of the Vulnerable Software and Affected Versions B&R PVI client versions prior to 6.5 Description An issue exists in B&R PVI client where an authenticated local attacker may be able to gather credential information. This occurs through the insertion of sensitive information into log files. T...

5.1CVSS5.8AI score0.00103EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/21 6:2 p.m.8 views

EUVD-2026-3605

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...

8.7CVSS5.7AI score0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.19 views

PT-2026-3842

D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credenti...

8.7CVSS5.7AI score0.00319EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.6 views

IBM Concert 跨站脚本漏洞

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering an...

6.1CVSS6AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2025/10/31 11:1 a.m.20 views

CVE-2025-40603

SonicWall SMA100 Series appliances (SMA 210, 410, 500v) are affected by CVE-2025-40603. A remote, authenticated administrator may, under certain conditions, view partial user credential data via log files. SonicWall PSIRT provides a fixed-release remediation for SMA100 series; upgrade to the spec...

4.5CVSS5.8AI score0.00437EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-14862

Malware in sbrugna...

7.5CVSS7.5AI score0.01803EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2018-10727

Malware in sbrugna...

7.8CVSS7.6AI score0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2012-4831

Malware in sbrugna...

5CVSS6.1AI score0.03103EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/08/22 2:31 p.m.7 views

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

1CVSS6.8AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 2:15 p.m.6 views

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 1:58 p.m.21 views

CVE-2025-8448

CVE-2025-8448 involves Schneider Electric EcoStruxure Building Operation Enterprise Server and EcoStruxure Enterprise Server. The vulnerability (CWE-200) allows an attacker who can capture local SMB traffic on a BMS network to access sensitive credential data from a valid user, exposing confident...

1CVSS6.7AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.6 views

Schneider Electric EcoStruxure Building Operation Enterprise Server和Schneider Electric EcoStruxure Enterprise Server 信息泄露漏洞

Schneider Electric EcoStruxure Building Operation Enterprise Server and Schneider Electric EcoStruxure Enterprise Server are both products of Schneider Electric, a French company. Schneider Electric EcoStruxure Building Operation Enterprise Server is an enterprise-class building control system. T...

1CVSS6.1AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.13 views

PT-2025-34059

Name of the Vulnerable Software and Affected Versions: SMB affected versions not specified Description: A vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and th...

1.4CVSS5.8AI score0.0018EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 3:29 p.m.7 views

CVE-2020-28946

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

7.5CVSS7.1AI score0.0121EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 12:8 p.m.9 views

CVE-2012-4028

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication...

7.8CVSS6.5AI score0.01626EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 a.m.8 views

CVE-2019-19774

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data...

8.8CVSS6.8AI score0.12517EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 a.m.10 views

CVE-2012-4903

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906...

5CVSS5.8AI score0.03103EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:59 a.m.13 views

CVE-2012-4906

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903...

5CVSS6.2AI score0.03103EPSS
Exploits1References1
Rows per page
Query Builder