63 matches found
CVE-2026-45080 Klaw: Improper Access Control Allows Disclosure of Password Hash
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...
PT-2026-43449
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites and has a high real-world impact. ---- Introduction Arbitrary method call is a type of arbitrary code execution...
Grav Elevation of Privilege Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which stems from a password hash disclosure, and can be exploited by an attacker to cause...
EUVD-2021-14245
Malware in sbrugna...
EUVD-2019-19092
Malware in sbrugna...
EUVD-2017-3745
Malware in sbrugna...
EUVD-2022-35437
Malicious code in bioql PyPI...
Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information
Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior Platform: Rocky Linux 8.10 CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54768 2. Vulnerability Description An API endpoint that should be limited to web...
CVE-2018-14529
Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes...
CVE-2016-10841
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes SEC-73...
CVE-2019-9727
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
EspoCRM 安全漏洞
EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM versions prior to 9.0.7 that stems from improper password has...
ManageEngine ADManager 7183 Password Hash Disclosure
============================================================================================================================================= | Title : ManageEngine ADManager 7183 Password Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-25118
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...
Password Hash Disclosure
pimcore/customer-management-framework-bundle is vulnerable to Password Hash Disclosure. The vulnerability exists due to the getDetailviewData function of DefaultCustomerView.php because it does not properly mask user password hashes, which allows an attacker to crack the password hash and gain...
all user password hash is disclosed
Proof of Concept login to admin account and then visit https://demo.pimcore.fun/admin/customermanagementframework/customers/detail?id=1016&filteroperator-customer=AND&filteroperator-segments=AND&filtershowSegments0=832&filtershowSegments1=833&filtershowSegments2=874&filterDefinitionid=1 able to...
Cross-Site Request Forgery (CSRF)
craftcms/cms is vulnerable to cross-site request forgery. The vulnerability exists because the CRAFTCSRFTOKEN cookie in Request.php gets improperly encoded, allowing an attacker to disclose the password hash through the HTML hidden field...
CVE-2022-30231
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash...