107 matches found
PT-2025-53350
Name of the Vulnerable Software and Affected Versions SOCA Access Control System version 180612 Description The SOCA Access Control System has multiple insecure direct object reference issues. These allow attackers to access sensitive user credentials, including retrieving authenticated and...
GHSA-53GX-J3P6-2RW9 XWiki Jetty Package (XJetty) allows accessing any application file through URL
Impact In an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...
CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...
CVE-2025-61120
AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...
EUVD-2025-37025
AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...
CVE-2025-61120
AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...
CVE-2025-61120
AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...
CVE-2025-61120
AG Life Logger Android App (v1.0.2.72 and earlier; package com.donki.healthy) by IO FIT, K.K. has an improper access control vulnerability. Traffic contains credentials exposed in transit, which may allow misuse of cloud resources. Additionally, a predictable verification code mechanism enables b...
PT-2025-44430
Name of the Vulnerable Software and Affected Versions AG Life Logger versions prior to v1.0.2.72 Description The AG Life Logger Android App has issues with access control. Exposed credentials in network traffic could allow misuse of cloud resources. Predictable verification codes enable potential...
RedTeam-Penetration-Test-UNF
UNF Penetration Testing Report – Red Team Engagement This rep...
CVE-2025-52625
A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...
EUVD-2019-13388
Malware in sbrugna...
EUVD-2022-35621
Malicious code in bioql PyPI...
EUVD-2021-30505
Malicious code in bioql PyPI...
EUVD-2024-42891
Malicious code in bioql PyPI...
CVE-2025-54428 RevelaCode exposes Sensitive MongoDB Atlas URI in .env (potential credential leak)
RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally committed to the public repository. This could allow...
CVE-2025-5823
Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is...
Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online
When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing fro...
PT-2025-25306
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue allows an attacker to gain full access to the application due to login credentials for the admin user and the property configuration password being stored in files within the source...
CVE-2024-40583
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials...