Lucene search
K

173 matches found

OSV
OSV
added 2025/08/05 11:28 p.m.9 views

CVE-2025-54124 XWiki Platform: Any user with editing rights can access password properties through Database List Properties

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can creat...

7.1CVSS6.8AI score0.00425EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/07/28 12:0 a.m.4 views

PT-2025-31107 · Iroad · Iroad Dash Cam Fx2

Name of the Vulnerable Software and Affected Versions: IROAD Dashcam FX2 affected versions not specified Description: A bypass of the device pairing/registration process was discovered. The HTTP server lacks restrictions, allowing direct access at http://192.168.10.1 after connecting to the...

9.8CVSS6.5AI score0.00501EPSS
Exploits0References6
CVE
CVE
added 2025/07/17 12:0 a.m.21 views

CVE-2023-41566

CVE-2023-41566 affects OA EKP v16. An arbitrary download vulnerability exists in the component /ui/sys_ui_extend/sysUiExtend.do that can enable attackers to obtain the background administrator password and subsequently gain database permissions. Reported CVSS v3.1 metrics indicate a network-adjac...

8.1CVSS7.3AI score0.00281EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/09 12:0 a.m.12 views

The vulnerability of the Session Cookie Handler component in the microprogramming-based Ethernet modules WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN allows a hacker to obtain user passwords by force.

The vulnerability of the Session Cookie Handler component in the microprogramming-based Ethernet modules WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN relates to the ability to retrieve user credentials. Exploiting this vulnerability could allow a malicious actor to obtain user passwords through...

5CVSS5.4AI score0.0043EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/08 10:34 a.m.12 views

CVE-2025-20999

Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password...

4.1CVSS0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-28378 · Samsung · Galaxy Tablet

Name of the Vulnerable Software and Affected Versions: Galaxy Tablet versions prior to SMR Jul-2025 Release 1 Description: The issue concerns improper authorization for accessing saved Wi-Fi passwords on Galaxy Tablet devices. This allows secondary users to access the owner's saved Wi-Fi password...

4.1CVSS6.5AI score0.0015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.14 views

CVE-2023-41595

An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password...

7.5CVSS6.4AI score0.00456EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:30 a.m.7 views

CVE-2023-26984

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...

8.1CVSS6.9AI score0.00917EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:25 a.m.8 views

CVE-2022-25570

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

6.5CVSS7AI score0.00807EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:8 a.m.12 views

CVE-2022-25828

Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log...

3.3CVSS6.7AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:8 a.m.9 views

CVE-2022-25829

Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log...

3.3CVSS6.7AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:7 p.m.11 views

CVE-2022-46141

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal All versions V19. An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware...

5.5CVSS6.4AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.11 views

CVE-2022-34572

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt...

5.7CVSS7AI score0.00628EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.10 views

CVE-2022-25826

Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log...

3.3CVSS6.7AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.11 views

CVE-2022-25827

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log...

3.3CVSS6.7AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 p.m.3 views

CVE-2021-39872

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

6.5CVSS6.6AI score0.00957EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:40 p.m.6 views

CVE-2021-30948

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication...

4.6CVSS4.9AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:39 p.m.9 views

CVE-2021-30651

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access...

4.9CVSS6.8AI score0.00699EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 p.m.11 views

CVE-2020-10262

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can i read Wi-Fi SSID or password, ...

7.2CVSS7.2AI score0.00549EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.13 views

CBL Mariner 2.0 Security Update: pgbouncer (CVE-2025-2291)

The version of pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID...

9.8CVSS7.6AI score0.00323EPSS
Exploits0References2
Rows per page
Query Builder