321 matches found
CVE-2025-40680 Encryption of sensitive data in CapillaryScope missing
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...
CVE-2025-41240
Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...
CVE-2025-41240 Mounted Kubernetes Secrets under a predictable path located within the web server document root
Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...
CVE-2025-41240
CVE-2025-41240 involves Bitnami Helm charts mounting Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) inside the web server document root. Affected deployments using the default usePasswordFiles=true may expose secrets via HTTP/S when the application is externally accessible, ...
BIT-WORDPRESS-2025-41240
The Bitnami WordPress Helm chart mounts Kubernetes Secrets under a predictable path /opt/bitnami/wordpress/secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrie...
BIT-APPSMITH-2025-41240
The Bitnami Appsmith Helm chart mounts Kubernetes Secrets under a predictable path /opt/bitnami/appsmith/secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve...
BIT-DRUPAL-2025-41240
The Bitnami Drupal Helm chart mounts Kubernetes Secrets under a predictable path /opt/bitnami/drupal/secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve the...
Advantech iView NetworkServlet.backupDatabase Function Parameter Injection Vulnerability
Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. The Advantech iView NetworkServlet.backupDatabase function parameter injection vulnerability can be exploited by an attacker to cause information disclosure, including sensiti...
PT-2025-31524
Name of the Vulnerable Software and Affected Versions Ansible Automation Platform AAP affected versions not specified Description A flaw exists in Ansible Automation Platform AAP where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This affec...
Advantech iView Parameter Injection Vulnerability
Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A parameter injection vulnerability exists in Advantech iView, which originates from parameter injection in the NetworkServlet.restoreDatabase function and can be exploited by...
Insecure Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information in the storage of the JWT token in the global configuration file on the controller. An attacker can access sensitive authentication credentials by obtaining access to the controller file system...
CVE-2025-34062
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
CVE-2025-34062
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
PT-2025-27550 · Onelogin · Onelogin Ad Connector
Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector versions prior to 6.1.5 Description: An information disclosure issue exists via the "/api/adc/v4/configuration" endpoint. An attacker with access to a valid directory token can retrieve a plaintext response disclosing...
CVE-2024-24915 SmartConsole Sensitive Credential Exposure via Memory Dump
Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them...
CVE-2024-24915
CVE-2024-24915 affects Check Point SmartConsole. Credentials are not cleared from memory after use, enabling an administrator to perform a memory dump of the SmartConsole process and fetch sensitive data. Exploitation context: an Administrator with local access can access credentials via a memory...
CVE-2024-24915 SmartConsole Sensitive Credential Exposure via Memory Dump
Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them...
Information Disclosure
com.erudika, para-server is vulnerable to Information disclosure. The vulnerability is due to unredacted logging of access and secret keys during variable assignment, which is unnecessary for debugging or system health, allows an attacker with access to the logs to obtain sensitive credentials...
CVE-2025-33079
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...
CVE-2025-33079
IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...