Lucene search
K

47 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:7 p.m.7 views

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

7.5CVSS7AI score0.00588EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.4 views

Drupal One Time Password 安全漏洞

Drupal One Time Password is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal One Time Password versions prior to 1.3.0 that stems from a capture replay attack that bypasses authentication and could lead to the theft of...

4.8CVSS6.9AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.4 views

Drupal Enterprise MFA - TFA for Drupal 安全漏洞

Drupal Enterprise MFA - TFA for Drupal is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Enterprise MFA - TFA for Drupal prior to version 5.2.0, which stems from an authentication bypass that could result in remote...

4.8CVSS7AI score0.00235EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.5 views

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from the fact that running gNOI File TransferToRemote RPC with gNMI transfer enabled may result in the disclosure of remote...

6.5CVSS6.6AI score0.00231EPSS
Exploits0References1
Arista
Arista
added 2025/05/06 12:0 a.m.59 views

Security Advisory 0117

Security Advisory 0117 . CSAF PDF Date: May 6, 2025 Revision | Date | Changes ---|---|--- 1.0 | May 6, 2025 | Initial release 1.1 | May 20, 2025 | Updated affected Arista products Updated mitigation option 3 The CVE-ID tracking this issue: CVE-2025-0936 CVSSv3.1 Base Score: 6.5...

6.5CVSS6.1AI score0.00231EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.5 views

Git Credential Manager 信息泄露漏洞

Git Credential Manager GCM is a secure Git credential assistant open-sourced by Git Ecosystem. An information disclosure vulnerability exists in Git Credential Manager. An attacker could exploit this vulnerability to capture the credentials of another Git remote. The following products and versio...

7.4CVSS8.7AI score0.03148EPSS
Exploits0References11
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.340 views

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

!/usr/bin/env python Exploit Title: Tinycontrol LAN Controller v3 LK3 - Remote Credentials Extraction Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/09/04 12:0 a.m.278 views

Tinycontrol LAN Controller 3 Remote Credential Extraction Exploit

!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/09/01 12:0 a.m.312 views

Tinycontrol LAN Controller v3 (LK3) Remote Credentials Extraction PoC

Summary Lan Controller is a very universal device that allows you to connect many different sensors and remotely view their readings and remotely control various types of outputs. It is also possible to combine both functions into an automatic if - this with a calendar when - then. The device...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.6 views

OrangeScrum 跨站脚本漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum cross-site scripting vulnerability, the vulnerability stems from the application does not properly validate the HTML content to be converted t...

7.6CVSS6.1AI score0.00576EPSS
Exploits1References3
OSV
OSV
added 2023/01/20 7:15 a.m.4 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

8.8CVSS5.8AI score0.00161EPSS
Exploits0References1
Prion
Prion
added 2023/01/20 7:15 a.m.13 views

Design/Logic Flaw

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

4.3CVSS8.3AI score0.00161EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/10/21 12:15 p.m.6 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data e.g., cleartext credentials. This is fixed in 2022.3.3...

7.5CVSS5.8AI score0.00724EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.7 views

DAIKIN SVMPC1 和 SVMPC2 信任管理问题漏洞

DAIKIN SVMPC1 and DAIKIN SVMPC2 are both a single-site and multi-site controller from DAIKIN Japan. A security vulnerability exists in DAIKIN SVMPC1 version 2.1.22 and earlier and SVMPC2 version 1.2.3 and earlier, which originates from a vulnerability that could allow a remote attacker to obtain...

9.8CVSS8.4AI score0.00697EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/09/16 12:0 a.m.3 views

PT-2021-18452 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 versions 11.2 through 11.5 Description: The issue is an information disclosure vulnerability that exposes remote storage credentials to privileged users under specific conditions. Recommendations: For IBM Db2 versions 11.2 through 11....

4.4CVSS4.6AI score0.0103EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:52 p.m.21 views

Security Bulletin: IBM DataPower Gateway can expose remote credentials to local users (CVE-2020-4528)

Summary Passwords provided as part of a URL for an administrative COPY command may appear in the administrative log. If the password is not provided in the URL, it will be prompted for, and will not appear in the log. Vulnerability Details CVEID: CVE-2020-4528 DESCRIPTION: IBM MQ Appliance could...

5.9CVSS1.3AI score0.00286EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/05/17 3:15 p.m.3 views

CVE-2021-27734

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users...

9.8CVSS7.4AI score0.01264EPSS
Exploits0References1
OSV
OSV
added 2020/02/05 4:15 p.m.3 views

CVE-2019-16203

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client...

7.5CVSS7.2AI score0.01383EPSS
Exploits0References2
Broadcom
Broadcom
added 2020/01/24 12:0 a.m.19 views

BSA-2020-906

Security Advisory ID : BSA-2020-906 Component : authentication Revision : 1.0: Final Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. The argumen...

7.5CVSS7.3AI score0.01383EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.7 views

The vulnerability of D-Link DCM-604 and DCM-704 router microprogramming software, related to SNMP request processing errors, allows a hacker to expose account information.

The vulnerability of D-Link DCM-604 and DCM-704 router microprogramming software is related to errors in SNMP requests. Exploiting this vulnerability can allow a remote attacker to obtain login credentials...

10CVSS7.8AI score0.01907EPSS
Exploits1References2
Rows per page
Query Builder