1755 matches found

OSV
added 2026/03/18 2:30 p.m., 4 views

CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Glances is an open-source, cross-platform system monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not...

CVSS 7.5 | AI score 5.9 | EPSS 0.00499
Exploits: 1 | References: 5

CVE
added 2026/03/18 2:30 p.m., 25 views

CVE-2026-32609

CVE-2026-32609 (Glances): The primary issue in Glances is incomplete redaction of secrets on API endpoints. The GHSA-gh4x fix redacted credentials on /api/v4/config via as_dict_secure(), but endpoints /api/v4/args and /api/v4/args/{item} still exposed the full command-line namespace (vars(self.arg...

CVSS 7.5 | AI score 5.8 | EPSS 0.00499
Exploits: 1 | References: 3 | Affected Software: 1

GithubExploit
added 2026/03/18 12:59 p.m., 189 views

Exploit for CVE-2025-4396

CVE-2025-4396 - WordPress Relevanssi Time-Based Blind SQL Inje...

CVSS 7.5 | AI score 7.4 | EPSS 0.02626
Exploits: 2

Github Security Blog
added 2026/03/16 4:26 p.m., 7 views

Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary: The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not addressed by this fix. These endpoints return the complete...

CVSS 7.5 | AI score 5.8 | EPSS 0.00499
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/03/16 4:26 p.m., 6 views

GHSA-CVWP-R2G2-J824 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials

Summary: The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/{item} endpoints were not addressed by this fix. These endpoints return the complete...

CVSS 7.5 | AI score 5.8 | EPSS 0.00499
Exploits: 1 | References: 5

RedhatCVE
added 2026/03/06 7:45 p.m., 5 views

CVE-2026-30790

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...

CVSS 9.8 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/06 7:45 p.m., 5 views

CVE-2026-30789

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Reusing Session IDs aka Session Replay. Thi...

CVSS 9.8 | AI score 5.8 | EPSS 0.00269
Exploits: 1 | References: 1

NVD
added 2026/03/05 8:16 p.m., 7 views

CVE-2026-28342

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacke...

CVSS 7.5 | EPSS 0.00645
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/05 7:33 p.m., 4 views

CVE-2026-28342 OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacke...

CVSS 7.5 | AI score 5.8 | EPSS 0.00645
Exploits: 1 | References: 3

OSV
added 2026/03/05 7:33 p.m., 5 views

CVE-2026-28342 OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacke...

CVSS 7.5 | AI score 5.8 | EPSS 0.00645
Exploits: 1 | References: 5

CVE
added 2026/03/05 7:33 p.m., 24 views

CVE-2026-28342

OliveTin CVE-2026-28342 affects the PasswordHash API endpoint prior to version 3000.10.2, where unauthenticated users can issue concurrent password hashing requests to trigger heavy memory usage, exhausting container memory and causing service degradation or DoS. Root cause: hashing operations ar...

CVSS 7.5 | AI score 5.9 | EPSS 0.00645
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/03/05 6:31 p.m., 6 views

EUVD-2026-9833

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux Password security module, config encryption, machine U...

CVSS 8.2 | AI score 6 | EPSS 0.00083
Exploits: 1 | References: 3

NVD
added 2026/03/05 4:16 p.m., 8 views

CVE-2026-30790

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EPSS 0.00225
Exploits: 0

ATTACKERKB
added 2026/03/05 3:49 p.m., 7 views

CVE-2026-30790

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVSS 9.8 | AI score 5.7 | EPSS 0.00225
Exploits: 0 | References: 4

CVE
added 2026/03/05 3:41 p.m., 25 views

CVE-2026-30789

CVE-2026-30789 concerns the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. It enables an authentication bypass via capture-replay and the use of a password hash with insufficient computational effort, by reusing Session IDs (session replay) in login and peer aut...

CVSS 9.8 | AI score 5.9 | EPSS 0.00269
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/05 3:41 p.m., 30 views

CVE-2026-30789 RustDesk Auth Proof Uses Server-Controlled Salt/Challenge and Fast Double-SHA256, Enabling Offline Brute-Force

Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Password Brute Forcing. T...

CVSS 5.7 | EPSS 0.00269
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/05 3:41 p.m., 8 views

CVE-2026-30789 RustDesk Auth Proof Uses Server-Controlled Salt/Challenge and Fast Double-SHA256, Enabling Offline Brute-Force

Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Password Brute Forcing. T...

CVSS 5.7 | AI score 5.9 | EPSS 0.00269
Exploits: 1 | References: 3

Positive Technologies
added 2026/03/05 12:00 a.m., 5 views

PT-2026-23466

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux Password security module, config encryption, machine...

CVSS 8.2 | AI score 6 | EPSS 0.00083
Exploits: 1 | References: 3

EUVD
added 2026/03/04 9:31 a.m., 18 views

EUVD-2026-9375

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX Series SFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

CVSS 9.2 | AI score 5.9 | EPSS 0.00142
Exploits: 1 | References: 2

NVD
added 2026/03/04 8:16 a.m., 8 views

CVE-2026-29120

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX Series SFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

CVSS 9.2 | EPSS 0.00142
Exploits: 1 | References: 1