368 matches found
CVE-2023-49106
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Agent component.This issue affects Hitachi Device Manager: before 8.8.5-04...
CVE-2025-14996
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it...
CVE-2025-14996 AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it...
CVE-2025-14996 AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it...
WordPress plugin AS Password Field In Default Registration Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
EUVD-2022-55751
Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration...
EUVD-2022-55749
Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash...
CVE-2022-50687
Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash...
CVE-2022-50689
CVE-2022-50689 affects Cobian Reflector 0.9.93 RC1. A denial-of-service can be triggered by overflowing the password input field during SFTP task configuration, e.g., pasting an ~8000-byte buffer into the password field, causing the application to crash. Multiple connected sources (NVD/NVD-derive...
CVE-2022-50689 Cobian Reflector 0.9.93 RC1 Local Denial of Service via Password Field
Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration...
CVE-2022-50689 Cobian Reflector 0.9.93 RC1 Local Denial of Service via Password Field
Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration...
CVE-2022-50687 Cobian Backup 11 Gravity 11.2.0.582 Local Denial of Service via Password Field
Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash...
CVE-2022-50687 Cobian Backup 11 Gravity 11.2.0.582 Local Denial of Service via Password Field
Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash...
Cobian Backup Gravity 安全漏洞
Cobian Backup Gravity is a file backup software by Luis Cobian Personal Developer. A security vulnerability exists in Cobian Backup Gravity version 11.2.0.582, which stems from an FTP password input field that could lead to a denial of service attack...
Cobian Reflector 安全漏洞
Cobian Reflector is a file backup software by Luis Cobian Personal Developer. A security vulnerability exists in Cobian Reflector version 0.9.93 RC1, which stems from a password input field overflow that could lead to a denial of service attack...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems from the U.S.-based Apple Inc. developed specifically for Mac computers. A security vulnerability exists in Apple macOS Sequoia prior to version 15.7.3, which stems from a state management issue that could result in the accidental display of...
CVE-2025-52493
PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-3630 / CVE-2025-67635 Denial of service vulnerability in HTTP-based CLI Medium SECURITY-1809 / CVE-2025-67636 Missing permission check on password fields Medium SECURITY-783 / CVE-2025-67637 storage, CVE-2025-67638 masking Build authorization...
CVE-2025-63531
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, a...
CVE-2025-13586 SourceCodester Online Student Clearance System changepassword.php sql injection
A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...