EUVD-2025-208687

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

PT-2026-25661

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

Microsoft Exchange 安全漏洞

Microsoft Exchange is an enterprise-level email server provided by the American company Microsoft. Microsoft Exchange 2019 and earlier versions have a security vulnerability. This vulnerability stems from the fact that the Exchange ActiveSync configuration on local servers may transmit sensitive...

CVE-2025-8306

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts including main administrator due to lack of granularity in access control. Chained...

CVE-2025-8307

Summary (CVE-2025-8307 / 8306) : Asseco InfoMedica Infomedica Plus stores user passwords in an encoded form. A low-privilege user can obtain encoded passwords due to insufficient access control, enabling potential credential exposure. The CVE-2025-8306 (Improper Access Control) and CVE-2025-8307 ...

CVE-2025-8307 Recoverable passwords in Asseco Infomedica Plus

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

CVE-2025-8307 Recoverable passwords in Asseco Infomedica Plus

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

CVE-2025-8306 Improper Access Control in Asseco Infomedica Plus

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts including main administrator due to lack of granularity in access control. Chained...

CVE-2025-8306 Improper Access Control in Asseco Infomedica Plus

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts including main administrator due to lack of granularity in access control. Chained...

PT-2026-1958

Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica is a solution for managing administrative and medical tasks in the healthcare sector. A user with low privileges can obtain...

PT-2026-1959

Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...

CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

EUVD-2013-3209

Malware in sbrugna...

EUVD-2019-5995

Malware in sbrugna...

EUVD-2007-0516

Malware in sbrugna...

EUVD-2024-26927

Malicious code in bioql PyPI...

CVE-2013-3272

EMC Replication Manager RM before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack...

JetBrains TeamCity Information Disclosure Vulnerability

JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from base64 encoded passwords being exposed in build logs. An attacker can exploit the vulnerabilit...

CVE-2024-8455

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...

CVE-2024-8455 PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...