276 matches found
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default, Kaseya VSA on-premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...
CVE-2026-25550
Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...
Credential Disclosure in (EU) Digital Identity Wallets: Privacy Risks and Practical Mitigations
The European Union will introduce the EUDI Wallet by late 2026, which allows users to hold digital credentials, i.e., representations of physical official identity documents, on their devices. This will allow users to securely and privately disclose identity attributes to websites. Although such a...
CVE-2026-8993
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
CVE-2025-36148 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the...
CVE-2025-36148
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the...
PT-2026-43281
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the...
CVE-2018-25358
The CVE-2018-25358 entry concerns the D-Link DIR-601 (firmware 2.02NA) where an unauthenticated attacker can disclose credentials via /my_cgi.cgi by manipulating the table_name parameter in POST requests. Affected data includes administrative credentials and wireless keys, exposed in cleartext. T...
CVE-2021-21508
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...
RHCOS 3 : OpenShift Container Platform 3.9 cri-o (RHSA-2019:3812)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:3812 advisory. - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure...
RHCOS 4 : OpenShift Container Platform 4.1.17 cri-o (RHSA-2019:2825)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2825 advisory. - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure...
Astra Linux – Vulnerability in Ansible
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, and ansible-engine 2.6.19 were logging at the DEBUG level. This led to the disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...
IBM Guardium Data Protection Web UI Cross-Site Scripting Vulnerability
IBM Guardium Data Protection is a data security and activity monitoring platform for database auditing, vulnerability assessment and compliance management. A cross-site scripting vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from the failure of the Web UI to proper...
CVE-2025-43937
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...
CVE-2026-4155 ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploi...
SonicWall SMA 1000 Series <= 12.4.3-03245 / 12.5.x <= 12.5.0-02283 Multiple Vulnerabilities (SNWLID-2026-0003)
The remote host is a SonicWall SMA 1000 Series device that is affected by multiple vulnerabilities: - A privilege escalation vulnerability due to improper neutralization of special elements used in an SQL command. A remote authenticated attacker with read-only administrator privileges can escalat...
CVE-2026-1243
IBM Content Navigator is affected by CVE-2026-1243, a Cross-Site Scripting (XSS) vulnerability that allows an authenticated user to embed arbitrary JavaScript into the Web UI, potentially altering app behavior and leading to credentials disclosure within a trusted session. Affected versions are 3...
CVE-2025-66484 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
XmlNotepad Code Issue Vulnerability
XmlNotepad is an open-source XML document browsing and editing tool developed by Microsoft. Versions of XmlNotepad prior to 2.9.0.21 had code vulnerabilities. These vulnerabilities stemmed from the default setting of enabling DTD processing, which could lead to the disclosure of local file conten...