Lucene search
K

63 matches found

Vulnrichment
Vulnrichment
added 2026/06/02 3:30 p.m.10 views

CVE-2026-45080 Klaw: Improper Access Control Allows Disclosure of Password Hash

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43449

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites and has a high real-world impact. ---- Introduction Arbitrary method call is a type of arbitrary code execution...

8.7CVSS6AI score0.0007EPSS
Exploits0References5
CNVD
CNVD
added 2025/12/03 12:0 a.m.4 views

Grav Elevation of Privilege Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which stems from a password hash disclosure, and can be exploited by an attacker to cause...

7.2CVSS7.3AI score0.00359EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.22 views

EUVD-2021-14245

Malware in sbrugna...

7.5CVSS7.6AI score0.01105EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-19092

Malware in sbrugna...

7.5CVSS7.6AI score0.02165EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-3745

Malware in sbrugna...

7.5CVSS7.4AI score0.01925EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-35437

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00576EPSS
Exploits0References1
KoreLogic Security
KoreLogic Security
added 2025/07/28 12:0 a.m.7 views

Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information

Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior Platform: Rocky Linux 8.10 CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54768 2. Vulnerability Description An API endpoint that should be limited to web...

5.3CVSS6.1AI score0.03976EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 1:19 p.m.5 views

CVE-2018-14529

Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes...

7.5CVSS7.1AI score0.0154EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:51 a.m.11 views

CVE-2016-10841

The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes SEC-73...

5.3CVSS7.1AI score0.00871EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:58 a.m.9 views

CVE-2019-9727

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

7.5CVSS7.3AI score0.02165EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/16 9:45 p.m.14 views

CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...

3.1CVSS3.7AI score0.00345EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.4 views

EspoCRM 安全漏洞

EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM versions prior to 9.0.7 that stems from improper password has...

3.7CVSS6.6AI score0.00345EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2024/10/04 12:0 a.m.340 views

ManageEngine ADManager 7183 Password Hash Disclosure

============================================================================================================================================= | Title : ManageEngine ADManager 7183 Password Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2024/06/06 10:29 a.m.27 views

CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...

3.7CVSS4.2AI score0.00832EPSS
Exploits1References4
NVD
NVD
added 2024/02/13 11:15 p.m.30 views

CVE-2024-25118

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...

6.5CVSS4.9AI score0.0056EPSS
Exploits0References2
Veracode
Veracode
added 2023/06/08 6:52 a.m.22 views

Password Hash Disclosure

pimcore/customer-management-framework-bundle is vulnerable to Password Hash Disclosure. The vulnerability exists due to the getDetailviewData function of DefaultCustomerView.php because it does not properly mask user password hashes, which allows an attacker to crack the password hash and gain...

4.9CVSS7.1AI score0.00547EPSS
Exploits0References3Affected Software1
Huntr
Huntr
added 2023/05/02 2:41 p.m.32 views

all user password hash is disclosed

Proof of Concept login to admin account and then visit https://demo.pimcore.fun/admin/customermanagementframework/customers/detail?id=1016&filteroperator-customer=AND&filteroperator-segments=AND&filtershowSegments0=832&filtershowSegments1=833&filtershowSegments2=874&filterDefinitionid=1 able to...

3.3CVSS7.1AI score0.00547EPSS
Exploits0
Veracode
Veracode
added 2022/12/06 2:27 a.m.25 views

Cross-Site Request Forgery (CSRF)

craftcms/cms is vulnerable to cross-site request forgery. The vulnerability exists because the CRAFTCSRFTOKEN cookie in Request.php gets improperly encoded, allowing an attacker to disclose the password hash through the HTML hidden field...

7.5CVSS7.1AI score0.01035EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/06/14 10:15 a.m.17 views

CVE-2022-30231

A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash...

6.9CVSS0.00576EPSS
Exploits0References2
Rows per page
Query Builder