EUVD-2025-12381
Malicious code in bioql PyPI...
EUVD-2022-24404
Malicious code in bioql PyPI...
EUVD-2022-30982
Malicious code in bioql PyPI...
EUVD-2022-15240
Malicious code in bioql PyPI...
CVE-2025-42943 Information Disclosure in SAP GUI for Windows
SAP GUI for Windows may allow the leak of NTLM hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...
Sensitive Information Disclosure
Opencast is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of hashed credentials due to incorrect handling of global system account credentials when fetching mediapackage elements, allowing attackers with ingest permissions to exfiltrate them to an external U...
CVE-2025-54380
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass...
Insufficiently Protected Credentials
Overview org.opencastproject:opencast-ingest-service-impl is a free and open source solution for automated video capture and distribution at scale. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the process of fetching MediaPackage elements included i...
CVE-2025-54380 Opencast still publishes global system account credentials
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass...
GHSA-J63H-HMGW-X4J7 Opencast still publishes global system account credentials
Description Opencast prior to versions 17.6 would incorrectly send the hashed global system account credentials ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous...
Opencast still publishes global system account credentials
Description Opencast prior to versions 17.6 would incorrectly send the hashed global system account credentials ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous...
CVE-2020-3998
VMware Horizon Client for Windows 5.x prior to 5.5.0 contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes...
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
CVE-2019-3649
Information Disclosure vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files...
ALSA-2025:7435 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachment URL CVE-2025-3523 thunderbird: Information Disclosure of /tmp directory listing CVE-2025-2830 thunderbird: Leak of hashed Window credentials via crafted...
thunderbird: Leak of hashed Window credentials via crafted attachment URL
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...
RHEL 8 : thunderbird (RHSA-2025:4654)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:4654 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachmen...
RHEL 8 : thunderbird (RHSA-2025:4617)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:4617 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachmen...