2116 matches found
CVE-2026-22098
Technical details about CVE-2026-22098 are not publicly available in the provided documents. The issue is described as sensitive information written to log files, but product/versions, impact specifics, and fixes are not specified. Monitor for updates.
WordPress Download Manager - File Password Exposure
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...
CVE-2025-63579
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
CVE-2026-47840 LDAP StartTLS unconditionally disables hostname verification
A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...
CVE-2025-63579
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
CVE-2025-63579
CVE-2025-63579 affects Kyocera devices using Command Center RX for various TASKalfa models (e.g., 2552ci, 3252ci, 2553ci, 3253ci, 3554ci, 4052ci, 5052ci, 6052ci, 7052ci, 8052ci, 7353ci, 8353ci, 2554ci, 3254ci, 505). The description reports that unauthorized access can export all information store...
PYSEC-2026-925 sosreport Exposure of Sensitive Information vulnerability
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el86, ovirt-log-collector-4.4.7-2.el8ev...
CVE-2026-14808
CVE-2026-14808 concerns the Prog Management System from PROG MIS, with an exposed sensitive-information vulnerability. Unauthenticated remote attackers can access a specific page and obtain the database account and password, leading to high-impact confidentiality and integrity risks (CVSS ~9.3–9....
CVE-2026-14808 PROG MIS|Prog Management System - Exposure of Sensitive Information
Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password...
CVE-2026-8804
Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...
CVE-2026-54704
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...
CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...
CVE-2026-53692
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
CVE-2026-13750
Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...
CVE-2026-57302
CVE-2026-57302 affects the Jenkins FitNesse Plugin, specifically version 1.36 and earlier. The root cause is unencrypted password storage in the job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller files...
CURL-CVE-2026-8926 password leak with netrc and user in URL
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is n...
PT-2026-51749
Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When configured to use a .netrc file for credentials while simultaneously specifying a URL containing a username but no password e.g., https://[email protected]/, the software may incorrectly...
CVE-2026-8636
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...
CVE-2026-50200 Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...
CVE-2026-54411
Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...