Lucene search
+L

829 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-46514

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fmresetpassword in Tools/ResetPassword.php:48-53 returned a plaintext password and fmaddextension in Tools/AddExtension.php:172 returned a plaintext secret; Frogman.class.php:2207-2211 used auditOutcome to JSON-encode...

6.5CVSS0.0026EPSS
Exploits0References4
CVE
CVE
added 2 days ago6 views

CVE-2026-46514

Frogman (headless PBX control via MCP/HTTP API) had a vulnerability prior to version 1.6.2 where returned a plaintext password and returned a plaintext secret. Frogman.class.php:2207-2211 JSON-encoded these values in , enabling any PERM_READ caller with access to to recover stored credentials....

6.5CVSS6.1AI score0.0026EPSS
Exploits0References4
OSV
OSV
added 5 days ago3 views

OPENSUSE-SU-2026:21320-1 Security update for pam

This update for pam fixes the following issue - CVE-2026-54411: timing discrepancy in the pamuserdb module's plaintext-password comparison bsc1268290...

8.2CVSS6.1AI score0.00321EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:49 p.m.2 views

OESA-2026-2903 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS6.1AI score0.00321EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:49 p.m.3 views

OESA-2026-2901 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS6.1AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

9.8CVSS0.00668EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/06 7:17 p.m.54 views

CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

0.00668EPSS
Exploits1References2
CVE
CVE
added 2026/07/06 7:17 p.m.129 views

CVE-2026-11405

CVE-2026-11405 affects multiple Tenda firmware versions where the web server binary /bin/httpd implements a hidden backdoor authentication in login(): after normal MD5-based verification, if authentication fails it reads a config value via GetValue("sys.rzadmin.password") and compares it to the u...

9.8CVSS6AI score0.00668EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:17 p.m.7 views

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

6AI score0.00668EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/06 7:17 p.m.5 views

EUVD-2026-41919

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

6AI score0.00668EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware versions US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware versions US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware versions US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware versions US AC5V1.0RTL V15.03.06.48...

9.8CVSS7.2AI score0.00668EPSS
Exploits1References44
OSV
OSV
added 2026/06/23 8:17 p.m.5 views

CVE-2026-47379 NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 4:16 p.m.13 views

CVE-2025-52465

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...

7.2CVSS0.00353EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.8 views

SUSE CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

5.9CVSS5.4AI score0.00321EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/14 5:21 p.m.11 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.3AI score0.00321EPSS
Exploits0References4
CVE
CVE
added 2026/06/14 5:21 p.m.56 views

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
OSV
OSV
added 2026/06/14 5:21 p.m.5 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS6AI score0.00321EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.19 views

PT-2026-49134

Name of the Vulnerable Software and Affected Versions Linux-PAM versions prior to 1.7.3 Description A timing discrepancy exists in the pam userdb module's plaintext-password comparison path within modules/pam userdb/pam userdb.c. A local or network-adjacent attacker can recover the plaintext...

8.2CVSS5.3AI score0.00321EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.15 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.6AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6500

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...

4.8CVSS5.4AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder