21 matches found
EUVD-2026-36036
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
EUVD-2026-11581
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
CVE-2026-21670
A vulnerability allowing a low-privileged user to extract saved SSH credentials...
PT-2026-24956
Name of the Vulnerable Software and Affected Versions Veeam Backup and Replication affected versions not specified Description A flaw exists that could allow a low-privileged user to obtain saved SSH credentials. The issue involves the potential extraction of these credentials. Recommendations At...
MAL-2026-1290 Malicious code in remjsonparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...
EUVD-2026-2776
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH...
CVE-2021-47759
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH...
PT-2026-1668
Name of the Vulnerable Software and Affected Versions FLIR Thermal Camera F/FC/PT/D version 8.0.0.64 Description The FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 includes hard-coded SSH credentials that cannot be altered through standard camera settings. This allows attackers to obtain...
CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 Hard-Coded SSH Credentials Vulnerability
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system...
CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 Hard-Coded SSH Credentials Vulnerability
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system...
[SECURITY] Fedora 42 Update: openbao-2.4.4-1.fc42
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
CVE-2024-48460
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...
Tabby 安全漏洞
Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client for Windows 10, macOS, and Linux from the individual developer Eugene. A security vulnerability exists in Tabby version 1.0.213, which stems from a vulnerability that allows a remote attacker to obtain sensitive...
PT-2024-11551 · Priva · Priva Topcontrol Suite
Name of the Vulnerable Software and Affected Versions: Priva TopControl Suite affected versions not specified Description: The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. This makes it possible for an attacker to calculate the login...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +156 more potentially affected by CVE-2018-1000601 via org.jenkins-ci.plugins:ssh-credentials (>=0.1 <=1.13)
org.jenkins-ci.plugins:ssh-credentials MAVEN version =0.1, =1.0.5.0, =1.9.2-beta, =1.14.0, =4.1.1, =1.1.0, =1.0.22, =1.3.0, =1.0.0, =3.0, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 - io.fabric8.pipeline:kubernetes-pipeline-devops-steps =1.3 and more Source cves:...
CVE-2021-40520
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials...
Airangel Hsmx Gateway 安全漏洞
Airangel Hsmx Gateway is a platform from Airangel UK. Used to manage authentication and billing in the network, a credential disclosure vulnerability exists in versions prior to Airangel Hsmx Gateway 5.2.04, which stems from the presence of weak SSH credentials in Airangel HSMX Gateway devices. A...