77 matches found
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...
CVE-2026-24762
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material access key, secret key, session token to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
PT-2026-5305
Name of the Vulnerable Software and Affected Versions B&R PVI client versions prior to 6.5 Description An issue exists in B&R PVI client where an authenticated local attacker may be able to gather credential information. This occurs through the insertion of sensitive information into log files. T...
EUVD-2026-3605
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary userid value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credentia...
PT-2026-3842
D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credenti...
IBM Concert 跨站脚本漏洞
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering an...
CVE-2025-40603
SonicWall SMA100 Series appliances (SMA 210, 410, 500v) are affected by CVE-2025-40603. A remote, authenticated administrator may, under certain conditions, view partial user credential data via log files. SonicWall PSIRT provides a fixed-release remediation for SMA100 series; upgrade to the spec...
EUVD-2021-14862
Malware in sbrugna...
EUVD-2018-10727
Malware in sbrugna...
EUVD-2012-4831
Malware in sbrugna...
CVE-2025-8448
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...
CVE-2025-8448
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...
CVE-2025-8448
CVE-2025-8448 involves Schneider Electric EcoStruxure Building Operation Enterprise Server and EcoStruxure Enterprise Server. The vulnerability (CWE-200) allows an attacker who can capture local SMB traffic on a BMS network to access sensitive credential data from a valid user, exposing confident...
Schneider Electric EcoStruxure Building Operation Enterprise Server和Schneider Electric EcoStruxure Enterprise Server 信息泄露漏洞
Schneider Electric EcoStruxure Building Operation Enterprise Server and Schneider Electric EcoStruxure Enterprise Server are both products of Schneider Electric, a French company. Schneider Electric EcoStruxure Building Operation Enterprise Server is an enterprise-class building control system. T...
PT-2025-34059
Name of the Vulnerable Software and Affected Versions: SMB affected versions not specified Description: A vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and th...
CVE-2020-28946
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...
CVE-2012-4028
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication...
CVE-2019-19774
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data...
CVE-2012-4903
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906...
CVE-2012-4906
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903...