
20 matches found

NVD
added 2026/05/11 10:22 p.m. | 30 views

CVE-2026-43875

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...

CVSS: 6.8 | EPSS: 0.00285
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/11 8:32 p.m. | 9 views

CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00285
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/05/05 7:8 p.m. | 13 views

AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover

Summary plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly from the users table. AVideo's own login endpoint objects/login.json.php accept...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00285
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/05/05 12:0 a.m. | 18 views

PT-2026-37291

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An issue exists where the endpoint 'plugin/MobileManager/oauth2.php' completes an OAuth login by redirecting the user to 'oauth2Success.php' via an HTTP 302 response. This redirect includes the user's...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00285
Exploits: 0 | References: 6

NVD
added 2026/04/09 4:16 p.m. | 6 views

CVE-2025-15480

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

CVSS: 9.1 | EPSS: 0.00307
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/09 3:2 p.m. | 3 views

CVE-2025-15480 Sensitive information disclosure was affecting ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00307
Exploits: 0 | References: 2

CNNVD
added 2026/04/09 12:0 a.m. | 8 views

Ubuntu Desktop Provision Security Vulnerability

Ubuntu Desktop Provision is an open-source desktop configuration tool developed by Canonical. Version 24.04.4 of Ubuntu Desktop Provision contains a security vulnerability, which stems from improper handling of crash reports and could lead to password hash leaks...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00307
Exploits: 0 | References: 3

CVE
added 2025/12/16 6:38 p.m. | 28 views

CVE-2025-14553

Summary: CVE-2025-14553 concerns TP-Link Tapo mobile apps (iOS/Android) exposing password hashes via an unauthenticated API response, enabling attackers on the local network to brute-force credentials. Multiple connected sources confirm: affected product scope includes TP-Link Tapo cameras; impac...

CVSS: 7 | AI score: 6.2 | EPSS: 0.00174
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/16 6:38 p.m. | 14 views

CVE-2025-14553 Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

CVSS: 7 | AI score: 6.2 | EPSS: 0.00174
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0164

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00568
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2023-2000

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00681
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-50534

Malicious code in bioql PyPI...

CVSS: 5.7 | AI score: 6.6 | EPSS: 0.00353
Exploits: 0 | References: 2

NVD
added 2025/07/25 3:15 p.m. | 8 views

CVE-2025-30086

CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...

CVSS: 4.9 | EPSS: 0.00607
Exploits: 0 | References: 4

OSV
added 2025/07/25 3:15 p.m. | 7 views

CVE-2025-30086

CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...

CVSS: 4.9 | AI score: 6.3
Exploits: 0 | References: 4

OSV
added 2025/07/23 3:47 p.m. | 8 views

GHSA-H27M-3QW8-3PW8 Possible ORM Leak Vulnerability in the Harbor

Impact Administrator users on Harbor could exploit an ORM Leak https://www.elttam.com/blog/plormbing-your-django-orm/ vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...

CVSS: 4.9 | AI score: 6.1 | EPSS: 0.00607
Exploits: 0 | References: 7

Positive Technologies
added 2025/07/23 12:0 a.m. | 8 views

PT-2025-30605 · Cncf · Cncf Harbor

Name of the Vulnerable Software and Affected Versions: CNCF Harbor versions 2.12.0 through 2.12.3 CNCF Harbor versions 2.13.0 through 2.13.0 Description: An ORM leak exists in the /api/v2.0/users endpoint, allowing administrators to potentially disclose users' password hash and salt values. The q...

CVSS: 4.9 | AI score: 5.8 | EPSS: 0.00607
Exploits: 0 | References: 11

RedhatCVE
added 2025/05/22 4:47 a.m. | 8 views

CVE-2012-3884

AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01355
Exploits: 1 | References: 1

Vulnrichment
added 2024/04/10 6:14 p.m. | 18 views

CVE-2024-31464 XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it'...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.00376
Exploits: 0 | References: 5

OpenVAS
added 2017/02/09 12:0 a.m. | 33 views

Fortinet FortiOS Local Admin Password Hash Leak Vulnerability (FG-IR-16-050)

Fortinet FortiOS is prone to a local admin password hash leak vulnerability...

CVSS: 4.9 | AI score: 5 | EPSS: 0.01539
Exploits: 0 | References: 2

NVD
added 2014/06/09 7:55 p.m. | 15 views

CVE-2013-2563

Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file...

CVSS: 2.1 | AI score: 6.3 | EPSS: 0.00465
Exploits: 1 | References: 3