EUVD-2026-22333

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection...

CVE-2026-1966

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

CVE-2026-1966

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

PT-2026-6632

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions through 7.6.6 Description Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company...

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

CVE-2023-33254

There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an...