10 matches found
OPENSUSE-SU-2026:20533-1 Security update for pam
This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...
CVE-2025-66295
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequences for example ..\Nijat or ../Nijat, Grav writes the account YAML file to an unintended path...
EUVD-2024-0781
Malicious code in bioql PyPI...
EUVD-2025-3961
Malicious code in bioql PyPI...
CVE-2025-23261
NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users...
CVE-2025-23261
NVIDIA Cumulus Linux and NVOS contain a log information disclosure vulnerability where hashed user passwords are not properly suppressed in log files, potentially exposing them to unauthorized users. Root cause: sensitive password hashes are logged instead of being hidden. Impact: information dis...
CVE-2025-24858
CVE-2025-24858 affects Develocity (formerly Gradle Enterprise) versions prior to 2024.3.1. A network-adjacent attacker can obtain the hashed system-user password from a Develocity server. The hash method is stated to follow password-storage best practices but remains vulnerable to offline attempt...
CVE-2024-26270
The CVE-2024-26270 issue affects Liferay Portal/DXP: Liferay Portal 7.4.3.76–7.4.3.99 and Liferay DXP 2023.Q3 before patch 5, plus 7.4 update 76–92. The root cause is embedding the user’s hashed password in the page HTML source, enabling MITM attackers to steal the hash. Impact is confidentiality...
CVE-2021-24585
The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...
Dahua Technology Camera Products Unauthorized Access Vulnerability
DH-IPC-HDW23A0RN-ZS, DH-IPC-HFW13A0SN-W, DHI-HCVR51A04HE-S3 are some of the many camera products from Dahua Technology. The unauthorized access vulnerability exists in Dahua's camera products, which allows an attacker to access the user database of a camera product with non-administrator...