144 matches found
Albert Health 安全漏洞
Albert Health is a health management application developed by Albert Health Corporation. Versions of Albert Health prior to 1.7.3 contain security vulnerabilities. These vulnerabilities stem from improper handling of the resources/assets/service-account.json file associated with the Google Cloud...
PT-2026-25765
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected...
PT-2026-25760
A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument API KEY WEBSOCKET CV can lead to unprotected storage ...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-15128
ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...
📄 Backdoor.Win32.Netbus.170 MVID-2025-0703 Insecure Credential Storage
Backdoor.Win32.Netbus.170 malware listens on TCP ports 12632 and 12631. The backdoor server password "ecoli" is stored in cleartext in an .INI textfile, stored under "C:\Windows" having the same name as the malware. Third party attackers who have knowledge of the password can login and issue...
ROS-20251223-7320
Vulnerability in jenkins related to unencrypted storage of credentials. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information...
ROS-20251223-7319
Vulnerability in jenkins related to unencrypted storage of credentials. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information...
CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...
CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...
CVE-2025-14183
SGAI Space1 NAS N1211DS (≤1.0.915) is affected by CVE-2025-14183 in the gsaiagent component, specifically GET_FACTORY_INFO/GET_USER_INFO in /cgi-bin/JSONAPI. The issue enables unprotected storage of credentials and is exploitable remotely; public exploit material exists. Red Hat/EUVD/NVD entries ...
PT-2025-49394
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET FACTORY INFO/GET USER INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The...
CVE-2025-65841
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...
CVE-2025-13221 Intelbras UnniTI usuarios.xml credentials storage
A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has...
CVE-2025-13221 Intelbras UnniTI usuarios.xml credentials storage
A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has...
CVE-2025-13221
CVE-2025-13221 affects Intelbras UnniTI 24.07.11. The vulnerability is in an unknown function in the file /xml/sistema/usuarios.xml where manipulating the argument Usuario/Senha can cause unprotected storage of credentials. The issue can be exploited remotely, and public exploits exist. Connected...
PT-2025-47063
Name of the Vulnerable Software and Affected Versions Intelbras UnniTI version 24.07.11 Description A weakness exists in Intelbras UnniTI 24.07.11 related to the storage of credentials. Manipulation of the Senha argument within the Usuario element of the /xml/sistema/usuarios.xml file can lead to...
CVE-2025-13187 Intelbras ICIP acessodeusuario.xml credentials storage
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit...
CVE-2025-13187
CVE-2025-13187 (Intelbras ICIP 2.0.20) affects an unknown function in the file /xml/sistema/acessodeusuario.xml, where manipulation of the NomeUsuario/SenhaAcess arguments leads to unprotected storage of credentials. The vulnerability can be exploited remotely, and public disclosures exist. Conne...