Lucene search
K

86 matches found

CNVD
CNVD
added 2026/02/11 12:0 a.m.5 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-16403)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that stems from the password field not disabling autocomplete, which can be exploited by an attacker to cause sensitive credentials to be stored or disclosed...

6.5CVSS5.7AI score0.00151EPSS
Exploits0
NVD
NVD
added 2026/02/03 7:16 p.m.9 views

CVE-2025-52623

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

6.5CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 6:12 p.m.26 views

CVE-2025-52623 HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

3.7CVSS0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-5901

Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to an issue where the autocomplete attribute is not disabled for password fields. This can allow the autocomplete function to store or reveal sensitive credentials, potentially leading t...

6.5CVSS5.4AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 8:56 p.m.12 views

CVE-2025-43542

CVE-2025-43542 affects Apple devices via a state-management issue that can cause password fields to be revealed when a device is remotely controlled over FaceTime. Affected products/versions include iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Tahoe 26.2, an...

7.5CVSS5.8AI score0.00833EPSS
In wildExploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-51023

Name of the Vulnerable Software and Affected Versions macOS Sequoia versions prior to 15.7.3 Description A flaw exists in FaceTime on macOS Sequoia that could lead to the unintentional revelation of password fields when remotely controlling a device. The issue was caused by inconsistent user...

6.5AI score0.00833EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.7 views

Jenkins is missing a permission check on password fields

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views...

4.3CVSS6.8AI score0.00208EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/10 6:30 p.m.2 views

GHSA-P3F5-98CV-562J Jenkins is missing a permission check on password fields

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views...

4.3CVSS5.9AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2025/12/10 5:15 p.m.4 views

CVE-2025-52493

PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from...

6.5CVSS5.8AI score0.00332EPSS
Exploits0References4
CVE
CVE
added 2025/12/10 12:0 a.m.19 views

CVE-2025-52493

PagerDuty Runbook (through 2025-06-12) stores secret values in the configuration page DOM. Although fields appear masked, secrets are present in the page source and can be revealed by changing input type from password to text via browser dev tools. Exploitation is described as possible by adminis...

6.5CVSS6.5AI score0.00332EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.29 views

CVE-2025-52493

PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from...

0.00332EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/30 3:30 a.m.8 views

EUVD-2025-199915

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS5.8AI score0.00324EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/30 1:53 a.m.12 views

CVE-2025-13615 StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS0.00324EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/30 12:0 a.m.13 views

PT-2025-48376

Name of the Vulnerable Software and Affected Versions StreamTube Core plugin for WordPress versions up to and including 4.78 Description The StreamTube Core plugin for WordPress is susceptible to Arbitrary User Password Change. This occurs because the plugin grants user-controlled access to...

9.8CVSS6.3AI score0.00324EPSS
Exploits1References13
Veracode
Veracode
added 2025/11/27 7:34 a.m.7 views

Weak-password Policy Bypass

novosga/novosga is vulnerable to weak-password policy bypass. The vulnerability is due to improper validation of the Senha/Confirmação da Senha fields in the User Creation Page /novosga.users/new, which allows an attacker to remotely exploit the weak password policy, though with high complexity a...

6.3CVSS6.7AI score0.00331EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/05 2:14 a.m.4 views

CVE-2025-43360

The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed...

5.5CVSS6.3AI score0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/04 1:16 a.m.2 views

CVE-2025-43360

The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed...

5.8AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2025/11/04 1:16 a.m.11 views

CVE-2025-43360

CVE-2025-43360 affects Apple iOS and iPadOS Authentication Services. The issue allowed a password field to be unintentionally revealed due to a UI-related vulnerability. Root cause and affected component are described in the public CVE; Apple fixed the issue in iOS 26 and iPadOS 26 with an improv...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2025/10/16 6:22 p.m.3 views

GHSA-495J-H493-42Q2 Strapi Allows Unauthorized Access to Private Fields via parms.lookup

Summary It's possible to access any private fields by filtering through the lookup parameters Details Using the new lookup operator provided by the document service in Strapi 5, it is not properly sanitizing this query operator for private fields. PoC 1. Create a strapi app. 2. Create a...

8.2CVSS7AI score0.00383EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-12595

Malware in sbrugna...

4.3CVSS4.8AI score0.01254EPSS
Exploits0References7
Rows per page
Query Builder