890 matches found

RedhatCVE
added 2025/09/05 2:23 p.m., 4 views

CVE-2025-9822

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5, AI score 6.8, EPSS 0.00225
Exploits: 0, References: 1
OSV
added 2025/09/03 2:15 p.m., 2 views

CVE-2025-9822

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5, AI score 5.8, EPSS 0.00225
Exploits: 0, References: 1
NVD
added 2025/09/03 2:15 p.m., 3 views

CVE-2025-9822

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5, EPSS 0.00225
Exploits: 0, References: 1
CVE
added 2025/09/03 1:55 p.m., 11 views

CVE-2025-9822

CVE-2025-9822 affects mautic (core/lib related), describing an improper access control that allows an administrator to modify configuration and extract secrets (e.g., database credentials) via the elfinder component. The issue is documented across multiple sources (GitHub advisory GHSA-438M-6MHW-...

CVSS 5.5, AI score 6.3, EPSS 0.00225
Exploits: 0, References: 1
Cvelist
added 2025/09/03 1:55 p.m., 10 views

CVE-2025-9822 Secret data extraction via elfinder

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5, EPSS 0.00225
Exploits: 0, References: 1
Vulnrichment
added 2025/09/03 1:55 p.m., 2 views

CVE-2025-9822 Secret data extraction via elfinder

Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

CVSS 5.5, AI score 6.3, EPSS 0.00225
Exploits: 0, References: 1
GithubExploit
added 2025/09/03 12:3 a.m., 156 views

Project-Frame-Jacking-The-Gallery-Heist

Executive Summary: A comprehensive penetration test was conduc...

AI score 9.4
Exploits: 0
Positive Technologies
added 2025/09/03 12:0 a.m., 3 views

PT-2025-35722

Name of the Vulnerable Software and Affected Versions: mautic, affected versions not specified. Description: A user with administrator rights can modify the application’s configuration and extract sensitive information that is normally inaccessible. This allows an administrator to disclose...

CVSS 5.5, AI score 5.9, EPSS 0.00225
Exploits: 0, References: 4
CNVD
added 2025/08/29 12:0 a.m., 1 views

CGM CLININET Information Disclosure Vulnerability

CGM CLININET is a hospital information management system from CGM Germany. An information disclosure vulnerability exists in CGM CLININET. The vulnerability stems from a configuration file that contains database login information and can be read by a local user, which can be exploited by an...

CVSS 9.4, AI score 5.9, EPSS 0.00231
Exploits: 0, References: 1
Vulnrichment
added 2025/08/27 10:25 a.m., 1 views

CVE-2025-30063 Excessive permissions on configuration files containing database logins and passwords

The configuration file containing database logins and passwords is readable by any local user...

CVSS 9.4, AI score 7.1, EPSS 0.00125
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-24716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local...

CVSS 7.5, AI score 7.3, EPSS 0.89378
Exploits: 8, References: 2
CNNVD
added 2025/08/27 12:0 a.m., 3 views

CGM CLININET Security Vulnerability

CGM CLININET is a hospital information management system from the German company CGM. A security vulnerability exists in CGM CLININET, which originates from a configuration file that contains database login information and can be read by a local user, potentially leading to information disclosure...

CVSS 9.4, AI score 5.9, EPSS 0.00125
Exploits: 0, References: 2
CVE
added 2025/08/21 7:26 a.m., 28 views

CVE-2025-8895

CVE-2025-8895 affects the WP Webhooks plugin for WordPress. It allows unauthenticated arbitrary file copy due to missing input validation in all versions up to and including 3.3.5, enabling access to sensitive files (e.g., wp-config.php) and database credentials. The vulnerability is rated critic...

CVSS 9.8, AI score 6.9, EPSS 0.00534
Exploits: 0, References: 3
Vulnrichment
added 2025/08/21 7:26 a.m., 4 views

CVE-2025-8895 WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVSS 9.8, AI score 7.1, EPSS 0.00534
Exploits: 0, References: 3
RedhatCVE
added 2025/08/14 7:29 p.m., 3 views

CVE-2025-55169

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...

CVSS 10, AI score 6.6, EPSS 0.01448
Exploits: 1, References: 1
NVD
added 2025/08/12 7:15 p.m., 4 views

CVE-2025-55169

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...

CVSS 10, EPSS 0.01448
Exploits: 1, References: 3
RedhatCVE
added 2025/08/09 12:23 a.m., 17 views

CVE-2025-48709

An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbuconnectiondetails.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process...

CVSS 7.8, AI score 6.8, EPSS 0.00114
Exploits: 0, References: 1
Cvelist
added 2025/08/07 12:0 a.m., 25 views

CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

CVSS 4.8, EPSS 0.00114
Exploits: 0, References: 1
Vulnrichment
added 2025/08/07 12:0 a.m., 4 views

CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs

BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...

CVSS 4.8, AI score 6.4, EPSS 0.00114
Exploits: 0, References: 1
CNNVD
added 2025/08/07 12:0 a.m., 1 views

BMC Control-M Security Vulnerability

BMC Control-M is an application from BMC Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M version 9.0.21.300, which originates from the explicit storage of database credentials and could lead to information...

CVSS 7.8, AI score 6.4, EPSS 0.00114
Exploits: 0, References: 2