173 matches found
CVE-2025-54124 XWiki Platform: Any user with editing rights can access password properties through Database List Properties
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can creat...
PT-2025-31107 · Iroad · Iroad Dash Cam Fx2
Name of the Vulnerable Software and Affected Versions: IROAD Dashcam FX2 affected versions not specified Description: A bypass of the device pairing/registration process was discovered. The HTTP server lacks restrictions, allowing direct access at http://192.168.10.1 after connecting to the...
CVE-2023-41566
CVE-2023-41566 affects OA EKP v16. An arbitrary download vulnerability exists in the component /ui/sys_ui_extend/sysUiExtend.do that can enable attackers to obtain the background administrator password and subsequently gain database permissions. Reported CVSS v3.1 metrics indicate a network-adjac...
The vulnerability of the Session Cookie Handler component in the microprogramming-based Ethernet modules WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN allows a hacker to obtain user passwords by force.
The vulnerability of the Session Cookie Handler component in the microprogramming-based Ethernet modules WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN relates to the ability to retrieve user credentials. Exploiting this vulnerability could allow a malicious actor to obtain user passwords through...
CVE-2025-20999
Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password...
PT-2025-28378 · Samsung · Galaxy Tablet
Name of the Vulnerable Software and Affected Versions: Galaxy Tablet versions prior to SMR Jul-2025 Release 1 Description: The issue concerns improper authorization for accessing saved Wi-Fi passwords on Galaxy Tablet devices. This allows secondary users to access the owner's saved Wi-Fi password...
CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password...
CVE-2023-26984
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...
CVE-2022-25570
In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...
CVE-2022-25828
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2022-25829
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2022-46141
A vulnerability has been identified in SIMATIC STEP 7 TIA Portal All versions V19. An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware...
CVE-2022-34572
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt...
CVE-2022-25826
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2022-25827
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2021-39872
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...
CVE-2021-30948
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication...
CVE-2021-30651
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access...
CVE-2020-10262
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can i read Wi-Fi SSID or password, ...
CBL Mariner 2.0 Security Update: pgbouncer (CVE-2025-2291)
The version of pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2291 advisory. - Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID...