Lucene search
K

114 matches found

CVE
CVE
added 2026/02/13 8:53 p.m.14 views

CVE-2026-26334

Affected software: Calero VeraSMART (versions prior to 2026 R1). Vulnerability: Hardcoded static AES keys present within Veramark.Framework.dll (Veramark.Core.Config class) are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. Impact chain: An attacker ...

8.5CVSS5.6AI score0.00087EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/13 8:53 p.m.6 views

CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

8.5CVSS5.6AI score0.00087EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/13 8:53 p.m.23 views

CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

8.5CVSS0.00087EPSS
Exploits0References2
NVD
NVD
added 2026/02/05 12:16 p.m.8 views

CVE-2026-1966

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

2.4CVSS0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 11:38 a.m.5 views

CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

2.4CVSS5.4AI score0.00163EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/05 11:38 a.m.3 views

CVE-2026-1966

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

2.4CVSS5.4AI score0.00163EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.11 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...

3.2CVSS5.8AI score0.00106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.10 views

PT-2026-6632

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions through 7.6.6 Description Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...

3.2CVSS5.5AI score0.00106EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.8 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

10CVSS5.4AI score0.00383EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.6 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

10CVSS0.00383EPSS
Exploits1References2
CVE
CVE
added 2026/02/03 12:0 a.m.17 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS version 3.9.2 is vulnerable to unauthenticated remote access to the /script/.env file. The exposure reveals sensitive data including the Laravel APP_KEY, database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, ...

10CVSS5.5AI score0.00383EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/01/11 11:0 p.m.3 views

Malicious Package

Overview n8n-nodes-rooyai-model is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the...

9.8CVSS6.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.10 views

CVE-2019-16568

Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations...

5.3CVSS6.8AI score0.00576EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.7 views

CVE-2025-1711

Multiple services of the DUT as well as different scopes of the same service reuse the same credentials...

4.3CVSS6.5AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2025/12/30 1:49 a.m.4 views

GO-2025-4257 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda...

8.2CVSS6.6AI score0.00433EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 6:15 p.m.4 views

CVE-2025-59923

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

2.7CVSS5.8AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 5:18 p.m.18 views

CVE-2025-59923

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

2.7CVSS0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50122

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

2.7CVSS6.7AI score0.00186EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.15 views

Devolutions Server < 2025.2.21 / 2025.3.x < 2025.3.9 Multiple Vulnerabilities (DEVO-2025-0018)

The version of Devolutions Server installed on the remote host is prior to 2025.2.21, or 2025.3.x prior to 2025.3.8, and is, therefore, affected by multiple vulnerabilities: - SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through...

8.8CVSS5.9AI score0.00524EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/27 3:30 p.m.9 views

CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

0.00326EPSS
Exploits0References1
Rows per page
Query Builder