1569 matches found
CVE-2025-15151 TaleLin Lin-CMS Tests Folder config.py password in configuration file
A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...
Konica Bizhub Multifunction Printers Insufficiently Protected Credentials (CVE-2025-6081)
An authenticated attacker can disclose the password of a configured external service. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504862; scriptversion"1.2"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/02/20"; scriptcveid"CVE-2025-6081";...
CVE-2025-13498
Technical details for CVE-2025-13498 are not provided in the connected documents. The initial description notes a WordPress Download Manager plugin vulnerability up to version 3.3.32 but does not specify affected product/vendor/version details beyond that. Monitor for updates.
CVE-2025-13498 Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...
VulnCheck KEV: CVE-2018-13317
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm...
Cleartext Password Disclosure
Apache Syncope is vulnerable to Cleartext Password Disclosure. The issue arises from use of a hard-coded default AES key when AES-based password storage is enabled, allowing an attacker with access to the internal database to decrypt and recover user passwords...
CVE-2021-47731 Selea Targa IP Camera Developer Backdoor Configuration Overwrite
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...
R Radio Network FM Transmitter 安全漏洞
R Radio Network FM Transmitter is an FM transmitter from R Radio Network Thailand. A security vulnerability exists in R Radio Network FM Transmitter version 1.07, which originates from a system.cgi endpoint that discloses the administrator password, which could lead to authentication bypass...
Wazuh 安全漏洞
Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions 4.3.0 through prior to 4.13.0, which stems from a missing ACL in...
CVE-2025-63205
An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...
CVE-2025-63205
An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...
CVE-2025-63208
An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint...
CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
sudo-rs 安全漏洞
sudo-rs is an open source memory security implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in sudo-rs version 0.2.7 through versions prior to 0.2.10, which stems from the echoing of typed characters after a password timeout, which could lead to partial...
[SECURITY] [DSA 6052-1] rust-sudo-rs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6052-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2025 https://www.debian.org/security/faq -...
Debian dsa-6052 : librust-sudo-rs-dev - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6052 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6052-1 [email protected] https://www.debian.org/security/ Moritz...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...
EUVD-2025-38051
Improper access control in Devolutions Server 2025.3.5.0 and earlier allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...