CVE-2026-11209

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10004

Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2026-49000 Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a potential issue with the SSP password key handling function in Bluetooth hcievent, allowing for the...

Astra Linux - уязвимость в cifs-utils

It was discovered that cifs-utils’ mount.cifs function invoked a shell when requesting the Samba password, which could be exploited to inject arbitrary commands. An attacker who had special permissions, such as those through sudo rules, could use this vulnerability to escalate their privileges...

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

PT-2026-41583

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::PKCS12 versions prior to 1.95 Description The software truncates passwords containing embedded NULL characters. In the PKCS12.xs file, password parameters are declared as char , which utilizes Perl's default typemap SvPV nolen,...

SenseLive X3050 安全漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability, which stems from the unreliable application of password updates. This vulnerability may cause the system to continue...

GHSA-RPHV-H674-5HP2 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit

Summary The Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the password is inserted into Tcl brace-quoted send %s, a...

CVE-2026-27806

Fleet Orbit is affected prior to version 4.81.1 where the Orbit agent’s FileVault rotation flow collects a local user’s password through a GUI dialog and interpolates it into a Tcl/expect script executed via exec.Command("expect", "-c", script). The password is inserted into a Tcl brace-quoted se...

Shinrays Games Goods Triple App 安全漏洞

Shinrays Games Goods Triple App is an application for trading virtual game goods by Shinrays Games. Versions of Shinrays Games Goods Triple App 1.200 and earlier contained a security vulnerability. This vulnerability stemmed from incorrect handling of parameters AESIV/AESPASSWORD in the jRwTX.jav...

Code-Projects Student Membership System SQL注入漏洞

The Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters username and password in...

CVE-2026-33297

CVE-2026-33297 affects WWBN AVideo prior to version 26.0. A logic error in CustomizeUser/setPassword.json.php coerces any non-numeric ProfilePassword to 0 via intval(), causing the stored channel password to become 0. This enables any visitor to bypass channel-level access controls by entering 0....

CVE-2026-27441

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

EUVD-2026-9377

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

CVE-2026-27441 PDF Password CMDi

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

CVE-2026-27441 PDF Password CMDi

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

GO-2026-4490 NeuVector scanner insecurely handles passwords as command arguments in github.com/neuvector/scanner

NeuVector scanner insecurely handles passwords as command arguments in github.com/neuvector/scanner. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

Code-Projects Online Student Management System SQL注入漏洞

Code-Projects Online Student Management System is an open-source online student management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Student Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters userna...

Code-Projects Mobile Shop Management System security vulnerabilities

Code-Projects Mobile Shop Management System is an open-source mobile store management system developed by Code-Projects. Version 1.0 of the Code-Projects Mobile Shop Management System contains a security vulnerability. This vulnerability stems from improper handling of the Password parameter in t...