1755 matches found

Tenable Nessus
added 2025/08/24 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2014-0246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

4.3 CVSS, 5.4 AI score, 0.01321 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/08/24 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2009-4269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the...

2.1 CVSS, 8.2 AI score, 0.01479 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/08/21 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-15423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) b...

5.3 CVSS, 7 AI score, 0.01513 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/08/21 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-7701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects...

7.5 CVSS, 5.8 AI score, 0.002 EPSS
Exploits 0, References 3

Tenable Nessus
added 2025/08/18 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2014-9970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jasypt before 1.9.2 allows a timing attack against the password hash comparison. CVE-2014-9970 Note that Nessus relies on the presence of the package as reporte...

7.5 CVSS, 6.5 AI score, 0.02432 EPSS
Exploits 0, References 2

Github Security Blog
added 2025/08/05 5:12 p.m., 12 views

XWiki leaks password hashes and other accessible password properties

Impact Any user with edit right on a page of the wiki can create an XClass with a database list property that references a password property, for example the password hash that is stored for users. When adding an object of that XClass, the content of that password property is displayed. In...

7.1 CVSS, 6.8 AI score, 0.00397 EPSS
Exploits 1, References 5, Affected Software 2

Vulnrichment
added 2025/07/29 4:54 p.m., 4 views

CVE-2025-5922 Retrievable password hash protecting TSplus admin console

Access to TSplus Remote Access Admin Tool is restricted to administrators unless "Disable UAC" option is enabled and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack usi...

4.8 CVSS, 6.6 AI score, 0.00084 EPSS
Exploits 0, References 1

Cvelist
added 2025/07/29 4:54 p.m., 10 views

CVE-2025-5922 Retrievable password hash protecting TSplus admin console

Access to TSplus Remote Access Admin Tool is restricted to administrators unless "Disable UAC" option is enabled and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack usi...

4.8 CVSS, 0.00084 EPSS
Exploits 0, References 1

Veracode
added 2025/07/28 5:33 a.m., 7 views

Sensitive Information Disclosure

github.com/goharbor/harbor is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an ORM leak caused by improper filtering logic in the /api/v2.0/users endpoint, allowing administrators to extract password hash and salt values using the q URL parameter...

4.9 CVSS, 6.2 AI score, 0.00607 EPSS
Exploits 0, References 9, Affected Software 1

KoreLogic Security
added 2025/07/28 12:0 a.m., 7 views

Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior Platform: Rocky Linux 8.10 CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54768 2. Vulnerability Description An API endpoint that should be limited to web...

5.3 CVSS, 6.1 AI score, 0.03976 EPSS
Exploits 2, Affected Software 1

OSV
added 2025/07/25 3:15 p.m., 7 views

CVE-2025-30086

CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...

4.9 CVSS, 6.3 AI score
Exploits 0, References 4

NVD
added 2025/07/25 3:15 p.m., 8 views

CVE-2025-30086

CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...

4.9 CVSS, 0.00607 EPSS
Exploits 0, References 4

Snyk
added 2025/07/25 2:45 p.m., 3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...

6.9 CVSS, 6.8 AI score, 0.00607 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/07/25 12:0 a.m., 5 views

CVE-2025-30086

CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...

5.8 AI score, 0.00607 EPSS
Exploits 0, References 4

CVE
added 2025/07/25 12:0 a.m., 57 views

CVE-2025-30086

CVE-2025-30086 affects CNCF Harbor: Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 are vulnerable to an ORM leak via the /api/v2.0/users endpoint. The q URL parameter lets an administrator filter by any column and abuse password=~ to leak a user’s password hash and salt character by charact...

4.9 CVSS, 6.2 AI score, 0.00607 EPSS
Exploits 0, References 4

Cvelist
added 2025/07/25 12:0 a.m., 29 views

CVE-2025-30086

CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...

0.00607 EPSS
Exploits 0, References 4

Github Security Blog
added 2025/07/23 3:47 p.m., 21 views

Possible ORM Leak Vulnerability in the Harbor

Impact Administrator users on Harbor could exploit an ORM Leak https://www.elttam.com/blog/plormbing-your-django-orm/ vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...

4.9 CVSS, 6.1 AI score, 0.00607 EPSS
Exploits 0, References 7, Affected Software 1

OSV
added 2025/07/23 3:47 p.m., 8 views

GHSA-H27M-3QW8-3PW8 Possible ORM Leak Vulnerability in the Harbor

Impact Administrator users on Harbor could exploit an ORM Leak https://www.elttam.com/blog/plormbing-your-django-orm/ vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...

4.9 CVSS, 6.1 AI score, 0.00607 EPSS
Exploits 0, References 7

Positive Technologies
added 2025/07/23 12:0 a.m., 8 views

PT-2025-30605 · Cncf · Cncf Harbor

Name of the Vulnerable Software and Affected Versions: CNCF Harbor versions 2.12.0 through 2.12.3 CNCF Harbor versions 2.13.0 through 2.13.0 Description: An ORM leak exists in the /api/v2.0/users endpoint, allowing administrators to potentially disclose users' password hash and salt values. The q...

4.9 CVSS, 5.8 AI score, 0.00607 EPSS
Exploits 0, References 11

CNVD
added 2025/07/21 12:0 a.m., 3 views

Unspecified Vulnerability in Tenda CP3 Pro

Tenda CP3 Pro is a smart wireless PTZ camera that combines 360° panoramic surveillance, 3MP HD camera, and Wi-Fi 6 network technology, and supports human/pet detection, cry detection, and one-button calling. Tenda CP3 Pro suffers from a security vulnerability that originates from the presence of ...

6.8 CVSS, 7.3 AI score, 0.00207 EPSS
Exploits 1, References 1