Lucene search
K

1173 matches found

NVD
NVD
added 6 days ago10 views

CVE-2026-58167

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-58167 Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS0.00238EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40374

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 6 days ago6 views

CVE-2026-53692 Weak hashing algorithm in Redeight CMS

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...

5.9CVSS5.8AI score0.00082EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-53918

Name of the Vulnerable Software and Affected Versions Nightingale n9e versions prior to 9.0.0-beta.2 Description Authenticated users with low privileges Standard role can access full datasource configurations through the 'POST /api/n9e/datasource/list' endpoint. This occurs because the route lack...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52655

Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description Passwords are stored in plaintext in the users.password column when a user's password is updated. This occurs because the User model only triggers password hashing during the before insert even...

4.9CVSS5.8AI score
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 8:17 p.m.28 views

CVE-2026-47379 NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:17 p.m.24 views

CVE-2026-47379

CVE-2026-47379 – NocoDB : The shared-view password check used a strict-equality comparison for legacy plaintext passwords, leaking the password length and per-character prefix via response timing. The bcrypt branch was unaffected; the vulnerability lies in the legacy comparison path in the shared...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Do not perform hex dumping of plaintext password data. The setnewpassword function performs hex dumping of the entire buffer, which contains plaintext password data, including current and new...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/16 12:57 p.m.7 views

CVE-2026-54411

A flaw was found in Linux-PAM's pamuserdb module. This vulnerability, categorized as an Observable Timing Discrepancy CWE-208, allows a local or network-adjacent attacker to recover plaintext passwords. By repeatedly attempting authentication and measuring response-timing differences during...

8.2CVSS5.2AI score0.00321EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-54411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS5.9AI score0.00321EPSS
Exploits0References4
OSV
OSV
added 2026/06/14 6:17 p.m.5 views

DEBIAN-CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/14 5:21 p.m.24 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS0.00321EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/14 5:21 p.m.12 views

EUVD-2026-36662

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.5 views

OpenMetadata 安全漏洞

OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage repository, deep lineage, and seamless team collaboration. Prior to OpenMetadata 1.12.4, there were security vulnerabilities. These vulnerabilities stemmed from a workflow...

8.3CVSS5.3AI score0.00241EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36609

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...

7.3CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...

9.3CVSS5.5AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:3 p.m.7 views

GHSA-QHXG-623C-CFJM NocoDB: Plaintext Password Comparison in Shared Views

Summary The shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. Details The bcrypt branch hashes starting with $2a$/$2b$ was unaffected. The legacy fallback in View.t...

6.9CVSS5.5AI score0.00253EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:3 p.m.18 views

NocoDB: Plaintext Password Comparison in Shared Views

Summary The shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. Details The bcrypt branch hashes starting with $2a$/$2b$ was unaffected. The legacy fallback in View.t...

6.9CVSS5.5AI score0.00253EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-46997

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The shared-view password check used strict-equality === comparison for legacy plaintext passwords. This creates a timing oracle, allowing a network-positioned attacker to leak the password length...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References8
Rows per page
Query Builder