Lucene search
K

10 matches found

OSV
OSV
added 2026/04/14 2:33 p.m.3 views

OPENSUSE-SU-2026:20533-1 Security update for pam

This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...

4.7CVSS5.8AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/02 9:26 p.m.9 views

CVE-2025-66295

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequences for example ..\Nijat or ../Nijat, Grav writes the account YAML file to an unintended path...

8.8CVSS6.8AI score0.00482EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0781

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00441EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-3961

Malicious code in bioql PyPI...

8.3CVSS6.6AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/06 4:10 p.m.11 views

CVE-2025-23261

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users...

5.5CVSS6.7AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 3:52 p.m.18 views

CVE-2025-23261

NVIDIA Cumulus Linux and NVOS contain a log information disclosure vulnerability where hashed user passwords are not properly suppressed in log files, potentially exposing them to unauthorized users. Root cause: sensitive password hashes are logged instead of being hidden. Impact: information dis...

5.5CVSS6.2AI score0.00152EPSS
Exploits0References3
CVE
CVE
added 2025/01/26 12:0 a.m.62 views

CVE-2025-24858

CVE-2025-24858 affects Develocity (formerly Gradle Enterprise) versions prior to 2024.3.1. A network-adjacent attacker can obtain the hashed system-user password from a Develocity server. The hash method is stated to follow password-storage best practices but remains vulnerable to offline attempt...

8.3CVSS7.2AI score0.00455EPSS
Exploits0References1
CVE
CVE
added 2024/02/20 1:43 p.m.73 views

CVE-2024-26270

The CVE-2024-26270 issue affects Liferay Portal/DXP: Liferay Portal 7.4.3.76–7.4.3.99 and Liferay DXP 2023.Q3 before patch 5, plus 7.4 update 76–92. The root cause is embedding the user’s hashed password in the page HTML source, enabling MITM attackers to steal the hash. Impact is confidentiality...

6.5CVSS6.3AI score0.00441EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/09/20 10:15 a.m.7 views

CVE-2021-24585

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...

6.5CVSS5.9AI score0.01139EPSS
Exploits2References1
CNVD
CNVD
added 2017/03/16 12:0 a.m.3 views

Dahua Technology Camera Products Unauthorized Access Vulnerability

DH-IPC-HDW23A0RN-ZS, DH-IPC-HFW13A0SN-W, DHI-HCVR51A04HE-S3 are some of the many camera products from Dahua Technology. The unauthorized access vulnerability exists in Dahua's camera products, which allows an attacker to access the user database of a camera product with non-administrator...

6.9AI score
Exploits0References1
Rows per page
Query Builder