Lucene search
K

321 matches found

Cvelist
Cvelist
added 2025/07/24 12:14 p.m.20 views

CVE-2025-40680 Encryption of sensitive data in CapillaryScope missing

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...

6.9CVSS0.00074EPSS
Exploits0References1
NVD
NVD
added 2025/07/24 7:15 a.m.6 views

CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

10CVSS0.00696EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/24 6:42 a.m.10 views

CVE-2025-41240 Mounted Kubernetes Secrets under a predictable path located within the web server document root

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

10CVSS0.00696EPSS
Exploits0References1
CVE
CVE
added 2025/07/24 6:42 a.m.29 views

CVE-2025-41240

CVE-2025-41240 involves Bitnami Helm charts mounting Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) inside the web server document root. Affected deployments using the default usePasswordFiles=true may expose secrets via HTTP/S when the application is externally accessible, ...

10CVSS6.3AI score0.00696EPSS
Exploits0References1
OSV
OSV
added 2025/07/23 2:0 p.m.31 views

BIT-WORDPRESS-2025-41240

The Bitnami WordPress Helm chart mounts Kubernetes Secrets under a predictable path /opt/bitnami/wordpress/secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrie...

10CVSS6.5AI score0.00696EPSS
Exploits0References1
OSV
OSV
added 2025/07/23 2:0 p.m.20 views

BIT-APPSMITH-2025-41240

The Bitnami Appsmith Helm chart mounts Kubernetes Secrets under a predictable path /opt/bitnami/appsmith/secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve...

10CVSS6.5AI score0.00696EPSS
Exploits0References1
OSV
OSV
added 2025/07/23 2:0 p.m.7 views

BIT-DRUPAL-2025-41240

The Bitnami Drupal Helm chart mounts Kubernetes Secrets under a predictable path /opt/bitnami/drupal/secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve the...

10CVSS6.5AI score0.00696EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/18 12:0 a.m.4 views

Advantech iView NetworkServlet.backupDatabase Function Parameter Injection Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. The Advantech iView NetworkServlet.backupDatabase function parameter injection vulnerability can be exploited by an attacker to cause information disclosure, including sensiti...

7.1CVSS7.1AI score0.00282EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.4 views

PT-2025-31524

Name of the Vulnerable Software and Affected Versions Ansible Automation Platform AAP affected versions not specified Description A flaw exists in Ansible Automation Platform AAP where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This affec...

4.9CVSS6.3AI score0.00207EPSS
Exploits0References12
CNVD
CNVD
added 2025/07/15 12:0 a.m.2 views

Advantech iView Parameter Injection Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A parameter injection vulnerability exists in Advantech iView, which originates from parameter injection in the NetworkServlet.restoreDatabase function and can be exploited by...

7.1CVSS7.1AI score0.00286EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/09 4:47 p.m.4 views

Insecure Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information in the storage of the JWT token in the global configuration file on the controller. An attacker can access sensitive authentication credentials by obtaining access to the controller file system...

6.8CVSS7AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/03 3:22 p.m.18 views

CVE-2025-34062

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

5.7CVSS6.6AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/07/01 3:15 p.m.34 views

CVE-2025-34062

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

5.7CVSS0.00134EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/01 12:0 a.m.5 views

PT-2025-27550 · Onelogin · Onelogin Ad Connector

Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector versions prior to 6.1.5 Description: An information disclosure issue exists via the "/api/adc/v4/configuration" endpoint. An attacker with access to a valid directory token can retrieve a plaintext response disclosing...

5.7CVSS6.1AI score0.00134EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/06/29 12:2 p.m.10 views

CVE-2024-24915 SmartConsole Sensitive Credential Exposure via Memory Dump

Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them...

6.1CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2025/06/29 12:2 p.m.28 views

CVE-2024-24915

CVE-2024-24915 affects Check Point SmartConsole. Credentials are not cleared from memory after use, enabling an administrator to perform a memory dump of the SmartConsole process and fetch sensitive data. Exploitation context: an Administrator with local access can access credentials via a memory...

7.2CVSS7.4AI score0.00175EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/29 12:2 p.m.4 views

CVE-2024-24915 SmartConsole Sensitive Credential Exposure via Memory Dump

Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them...

6.1CVSS7.4AI score0.00175EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/04 2:0 a.m.7 views

Information Disclosure

com.erudika, para-server is vulnerable to Information disclosure. The vulnerability is due to unredacted logging of access and secret keys during variable assignment, which is unnecessary for debugging or system health, allows an attacker with access to the logs to obtain sensitive credentials...

6.2CVSS6.4AI score0.00145EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/29 1:50 a.m.22 views

CVE-2025-33079

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...

6.5CVSS6.6AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2025/05/27 2:15 a.m.34 views

CVE-2025-33079

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...

6.5CVSS0.00266EPSS
Exploits0References1
Rows per page
Query Builder