
21 matches found

Positive Technologies
added 2026/03/17 12:0 a.m. · 11 views

PT-2026-25998

Summary: /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details: File:...

5.3 CVSS · 6 AI score · 0.00327 EPSS
Exploits: 1 · References: 5
ATTACKERKB
added 2026/02/24 2:50 a.m. · 4 views

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

6.9 CVSS · 5.4 AI score · 0.00457 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Tenable Nessus
added 2026/01/20 12:0 a.m. · 5 views

MiracleLinux 7 : ipa-4.6.8-5.17.0.1.el7.AXS7 (AXSA:2024-8141:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8141:06 advisory. ipa: user can obtain a hash of the passwords of all domain users and perform offline brute force CVE-2024-3183 Tenable has extracted the preceding descriptio...

8.1 CVSS · 5.6 AI score · 0.02053 EPSS
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/09 9:16 a.m. · 4 views

CVE-2025-40760

A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly handle error messages and disclose sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes fo...

6.8 CVSS · 6.5 AI score · 0.00123 EPSS
Exploits: 0 · References: 1
NVD
added 2025/12/24 8:15 p.m. · 6 views

CVE-2018-25129

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like...

7.5 CVSS · 0.00308 EPSS
Exploits: 1 · References: 3
NVD
added 2025/12/16 7:15 p.m. · 5 views

CVE-2025-14553

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

7 CVSS · 0.00174 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/12/02 12:37 a.m. · 5 views

EUVD-2025-200106

Grav Exposes Password Hashes Leading to privilege escalation...

6.2 CVSS · 6.6 AI score · 0.00359 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2025/12/01 12:0 a.m. · 5 views

PT-2025-48563

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack thes...

6.2 CVSS · 6.9 AI score · 0.00359 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2025/11/03 12:0 a.m. · 7 views

PT-2025-44801

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...

8.8 CVSS · 6.3 AI score · 0.01187 EPSS
Exploits: 0 · References: 5
CVE
added 2025/10/15 8:26 a.m. · 24 views

CVE-2025-11196

The CVE-2025-11196 issue affects the WordPress External Login plugin (versions up to 1.11.2). The vulnerability is due to the exlog_test_connection AJAX action lacking capability checks or nonce validation, enabling authenticated users with subscriber-level access and above to query the external ...

4.3 CVSS · 5.2 AI score · 0.00245 EPSS
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2013-7026

Malware in sbrugna...

5 CVSS · 8.6 AI score · 0.02742 EPSS
Exploits: 8 · References: 3
CNNVD
added 2024/09/18 12:0 a.m. · 2 views

SYSCOM OMFLOW Information Disclosure Vulnerability

SYSCOM OMFLOW is an information maintenance management system from China's SYSCOM Corporation. An information disclosure vulnerability exists in SYSCOM OMFLOW version 1.2.0 and prior versions, which originates from a remote attacker who logs into the system and can obtain the password hashes of a...

6.5 CVSS · 6.4 AI score · 0.00463 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/09/15 12:0 a.m. · 5 views

PT-2024-39246 · Syscom · Omflow

Name of the Vulnerable Software and Affected Versions: OMFLOW from The SYSCOM Group (affected versions not specified). Description: The issue is related to the data query functionality in OMFLOW, which does not properly restrict the query range. This allows remote attackers with regular privileges t...

6.5 CVSS · 7 AI score · 0.00436 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2024/06/03 12:0 a.m. · 6 views

PT-2024-19670 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3 and all versions prior to 7.0.8; FortiWeb versions 7.2.4 and below; FortiWeb version 7.4.0. Description: The issue allows an authenticated attacker to read password hashes of other administrators via CLI commands. This is d...

5.5 CVSS · 6.9 AI score · 0.00202 EPSS
Exploits: 0 · References: 4
CNNVD
added 2023/10/26 12:0 a.m. · 3 views

UCS@school Security Breach

UCS@school is a comprehensive solution that provides access to school infrastructure and applications as well as a complete toolset for operating them. A security vulnerability exists in versions prior to UCS@school 4.4v5-errata, which stems from an incorrect LDAP ACL in ucs-school-ldap-acls-mast...

6.5 CVSS · 6.9 AI score · 0.00376 EPSS
Exploits: 0 · References: 3
CNNVD
added 2022/11/10 12:0 a.m. · 5 views

Ibexa GraphQL Bundle Security Vulnerability

Ibexa GraphQL Bundle is an Ibexa open source GraphQL server for the eZ platform, open source Symfony CMS. A security vulnerability exists in Ibexa GraphQL Bundle versions prior to 2.3.12 and 1.0.13, which stems from the fact that its insecure storage of sensitive information results in...

7.5 CVSS · 5.7 AI score · 0.01295 EPSS
Exploits: 1 · References: 3
OSV
added 2017/02/13 9:59 p.m. · 3 views

CVE-2017-5163

An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without...

5.9 CVSS · 5.8 AI score · 0.01901 EPSS
Exploits: 0 · References: 2
OSV
added 2014/05/12 2:55 p.m. · 3 views

UBUNTU-CVE-2013-4577

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file...

2.1 CVSS · 5.8 AI score · 0.00384 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2012/07/03 12:0 a.m. · 6 views

PT-2012-3945 · Anaconda · Anaconda

Name of the Vulnerable Software and Affected Versions: Anaconda (affected versions not specified). Description: The issue concerns the bootloader configuration module in Anaconda, specifically the pyanaconda/bootloader.py file, which sets 755 permissions for /etc/grub.d. This setting allows local...

2.1 CVSS · 6 AI score · 0.00398 EPSS
Exploits: 0 · References: 9
RedHat Linux
added 2012/06/19 3:23 p.m. · 4 views

sosreport does not blank root password in anaconda plugin

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

4.3 CVSS · 5.8 AI score · 0.01429 EPSS
Exploits: 0 · References: 4