EUVD-2026-38283

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...

PHP EI-Tube Script SQL注入漏洞

The PHP EI-Tube Script is a video website construction system developed by Elis Atef. The PHP EI-Tube Script has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the search parameter, which may allow unauthenticated attackers to execute arbitrary SQL...

F5 Networks BIG-IP : iControl REST vulnerability (K000158070)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158070 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in thegtmaddandbigipaddiControl REST commands that return...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

GHSA-W47F-J8RH-WX87 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...

CVE-2026-35484 text-generation-webui has a Path Traversal in load_preset() — .yaml file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

CVE-2019-25605

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...

EUVD-2025-208687

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

CVE-2025-67860 NeuVector scanner insecurely handles passwords as command arguments

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

PT-2026-21754

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The firmware exposes user passwords in plaintext within the administrative interface and HTTP responses, potentially allowing recovery of valid...

CVE-2026-0747

Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or scree...

Unspecified Vulnerability in AXIS OS

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...

CVE-2025-34293

GN4 Publishing System before 2.6 is affected by an insecure direct object reference (IDOR) via the API. Authenticated requests to object endpoints allow an authenticated user to query arbitrary user IDs and retrieve sensitive data, including stored passwords and the account’s security question/an...

EUVD-2012-0840

Malware in sbrugna...

CVE-2025-30063

The configuration file containing database logins and passwords is readable by any local user...

CVE-2025-30063

Technical details for CVE-2025-30063 are not publicly available in the provided documents. The connected EUVD entries do not reveal affected products, root cause, or remediation for this CVE. Monitor for updates.

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence AI chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked...

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information...

The vulnerability of the Jenkins automation server’s monitor-remote-job plugin, related to deficiencies in access control, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server’s “monitor-remote-job” plugin is related to deficiencies in access control, resulting from passwords being stored publicly in the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protecte...

KSRTC AWATAR 访问控制错误漏洞

KSRTC AWATAR is an online bus ticket booking application of Karnataka State Road Transport KSRTC Corporation, India. A security vulnerability exists in KSRTC AWATAR v1.3.0, which stems from improper access control and could lead to viewing sensitive information such as usernames and passwords...