Lucene search
+L

1569 matches found

Vulnrichment
Vulnrichment
added 2025/12/28 7:32 p.m.3 views

CVE-2025-15151 TaleLin Lin-CMS Tests Folder config.py password in configuration file

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...

6.3CVSS4.3AI score0.00274EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.7 views

Konica Bizhub Multifunction Printers Insufficiently Protected Credentials (CVE-2025-6081)

An authenticated attacker can disclose the password of a configured external service. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504862; scriptversion"1.2"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/02/20"; scriptcveid"CVE-2025-6081";...

6.8CVSS6.6AI score0.00277EPSS
Exploits0References3
CVE
CVE
added 2025/12/18 7:20 a.m.9 views

CVE-2025-13498

Technical details for CVE-2025-13498 are not provided in the connected documents. The initial description notes a WordPress Download Manager plugin vulnerability up to version 3.3.32 but does not specify affected product/vendor/version details beyond that. Monitor for updates.

4.3CVSS4.9AI score0.00365EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/18 7:20 a.m.4 views

CVE-2025-13498 Download Manager <= 3.3.32 - Missing Authorization to Authenticated (Subscriber+) Media Attachment Password Disclosure

The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...

4.3CVSS4.9AI score0.00365EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.7 views

VulnCheck KEV: CVE-2018-13317

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm...

6.1CVSS5.8AI score0.00991EPSS
In wildExploits1References2
Veracode
Veracode
added 2025/12/13 5:0 a.m.7 views

Cleartext Password Disclosure

Apache Syncope is vulnerable to Cleartext Password Disclosure. The issue arises from use of a hard-coded default AES key when AES-based password storage is enabled, allowing an attacker with access to the internal database to decrypt and recover user passwords...

7.5CVSS6.9AI score0.00448EPSS
Exploits0References5Affected Software4
Cvelist
Cvelist
added 2025/12/09 8:47 p.m.23 views

CVE-2021-47731 Selea Targa IP Camera Developer Backdoor Configuration Overwrite

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

9.3CVSS0.00454EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.6 views

R Radio Network FM Transmitter 安全漏洞

R Radio Network FM Transmitter is an FM transmitter from R Radio Network Thailand. A security vulnerability exists in R Radio Network FM Transmitter version 1.07, which originates from a system.cgi endpoint that discloses the administrator password, which could lead to authentication bypass...

8.7CVSS6.7AI score0.0039EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.7 views

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions 4.3.0 through prior to 4.13.0, which stems from a missing ACL in...

5.5CVSS6.5AI score0.00154EPSS
Exploits1References5
OSV
OSV
added 2025/11/19 6:15 p.m.16 views

CVE-2025-63205

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...

7.5CVSS5.8AI score0.00365EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2025/11/19 12:0 a.m.4 views

CVE-2025-63205

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...

7.5CVSS5.4AI score0.00365EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/19 12:0 a.m.2 views

CVE-2025-63208

An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint...

6.5AI score0.00239EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/14 10:49 p.m.8 views

CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json

Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...

8.7CVSS6.9AI score0.0045EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.4 views

sudo-rs 安全漏洞

sudo-rs is an open source memory security implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in sudo-rs version 0.2.7 through versions prior to 0.2.10, which stems from the echoing of typed characters after a password timeout, which could lead to partial...

3.8CVSS6.3AI score0.00138EPSS
Exploits0References3
Debian
Debian
added 2025/11/11 7:23 p.m.10 views

[SECURITY] [DSA 6052-1] rust-sudo-rs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6052-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2025 https://www.debian.org/security/faq -...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.4 views

Debian dsa-6052 : librust-sudo-rs-dev - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6052 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6052-1 [email protected] https://www.debian.org/security/ Moritz...

5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.5 views

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

6.5CVSS6.8AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 6:32 p.m.5 views

EUVD-2025-38051

Improper access control in Devolutions Server 2025.3.5.0 and earlier allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure...

6.5CVSS6.3AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2025/11/06 5:15 p.m.4 views

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

6.5CVSS5.8AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 5:15 p.m.8 views

CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : Devolutions Server 2025.3.2.0 through 2025.3.5.0 Devolutions Server...

6.5CVSS0.00392EPSS
Exploits0References1
Rows per page
Query Builder