Lucene search
+L

2125 matches found

cve
cve
added 4 hours ago7 views

CVE-2026-46515

CVE-2026-46515 (Frogman) affects Frogman’s headless PBX control via MCP and HTTP API. Before version 1.6.3, a PERM_READ privilege was sufficient to call multiple endpoints (fm_list_managers, fm_list_pinsets, fm_show_context, fm_get_mcp_config, fm_backup_status, fm_whos_calling, fm_run_saved_query...

9.3CVSS6.2AI score
Exploits0References6
nuclei
nuclei
added 13 hours ago69 views

WordPress Download Manager - File Password Exposure

The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...

7.5CVSS7AI score0.02437EPSS
Exploits3References1
cve
cve
added 3 days ago13 views

CVE-2026-22098

Technical details about CVE-2026-22098 are not publicly available in the provided documents. The issue is described as sensitive information written to log files, but product/versions, impact specifics, and fixes are not specified. Monitor for updates.

9.2CVSS6.1AI score0.00332EPSS
Exploits0References1
vulnrichment
vulnrichment
added 3 days ago4 views

CVE-2026-22098 Sensitive information is written to logs

Various sensitive information such as passwords and charging card UIDs are written to log files...

9.2CVSS6.1AI score0.00332EPSS
Exploits0References1
ptsecurity
ptsecurity
added 3 days ago7 views

PT-2026-57672

Name of the Vulnerable Software and Affected Versions EVbee DC-80 affected versions not specified Description The built-in web server running on port 8090 lacks authentication. This flaw allows unauthorized access to sensitive information, including configured passwords and stored credentials, an...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References3
nvd
nvd
added 2026/07/09 7:16 p.m.9 views

CVE-2025-63579

Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...

7.5CVSS0.00199EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/09 6:26 a.m.36 views

CVE-2026-47840 LDAP StartTLS unconditionally disables hostname verification

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS0.00132EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/09 12:0 a.m.6 views

CVE-2025-63579

Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...

7.5CVSS5.9AI score0.00199EPSS
Exploits0References3
cve
cve
added 2026/07/09 12:0 a.m.16 views

CVE-2025-63579

CVE-2025-63579 affects Kyocera devices using Command Center RX for various TASKalfa models (e.g., 2552ci, 3252ci, 2553ci, 3253ci, 3554ci, 4052ci, 5052ci, 6052ci, 7052ci, 8052ci, 7353ci, 8353ci, 2554ci, 3254ci, 505). The description reports that unauthorized access can export all information store...

7.5CVSS5.9AI score0.00199EPSS
Exploits0References2
osv
osv
added 2026/07/08 9:23 p.m.3 views

CVE-2026-44025 Fluentd: Exposure of Sensitive Information via Monitor Agent API

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related...

7.5CVSS7AI score0.00482EPSS
Exploits0References6
osv
osv
added 2026/07/06 8:3 a.m.7 views

PYSEC-2026-925 sosreport Exposure of Sensitive Information vulnerability

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el86, ovirt-log-collector-4.4.7-2.el8ev...

5.5CVSS5.9AI score0.00233EPSS
Exploits0References6
cve
cve
added 2026/07/06 7:18 a.m.20 views

CVE-2026-14808

CVE-2026-14808 concerns the Prog Management System from PROG MIS, with an exposed sensitive-information vulnerability. Unauthenticated remote attackers can access a specific page and obtain the database account and password, leading to high-impact confidentiality and integrity risks (CVSS ~9.3–9....

9.8CVSS6AI score0.00507EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/06 7:18 a.m.38 views

CVE-2026-14808 PROG MIS|Prog Management System - Exposure of Sensitive Information

Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password...

9.8CVSS0.00507EPSS
Exploits0References2
nvd
nvd
added 2026/07/03 8:16 a.m.9 views

CVE-2026-8804

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS0.00082EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/01 9:15 p.m.42 views

CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 9:15 p.m.7 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/30 11:20 a.m.5 views

CVE-2026-53692

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

9.3CVSS5.8AI score0.00399EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/29 4:7 p.m.28 views

CVE-2026-13750

Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/24 9:35 p.m.4 views

CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS6.1AI score0.00271EPSS
Exploits1References3
cve
cve
added 2026/06/24 1:20 p.m.25 views

CVE-2026-57302

CVE-2026-57302 affects the Jenkins FitNesse Plugin, specifically version 1.36 and earlier. The root cause is unencrypted password storage in the job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller files...

4.3CVSS5.9AI score0.00178EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder