118 matches found

Github Security Blog
added 2026/04/24 4:39 p.m. | 8 views

TYPO3 CMS Stores Cleartext Password in User Settings Module

Problem: The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email addresses with user-interface settings like theme and display options when persisting changes. As a result, passwords were stored in cleartext in the uc and user_settings fields of t...

CVSS 7.5 | AI score 5.5 | EPSS 0.0002
Exploits 0 | References 5 | Affected Software 1

Vulnrichment
added 2026/04/21 10:4 a.m. | 0 views

CVE-2026-6553 TYPO3 CMS Stores Cleartext Password in User Settings Module

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0...

CVSS 7.3 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 2

CVE
added 2026/04/21 10:4 a.m. | 6 views

CVE-2026-6553

TYPO3 CMS 14.2.0 is affected by CVE-2026-6553 where changing backend users’ passwords via the user settings module stores the cleartext password in the be_users.uc and be_users.user_settings fields. The root cause is plaintext password storage in these fields, leading to exposure of credentials. ...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2026/04/21 12:0 a.m. | 1 views

PT-2026-33927

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS version 14.2.0. Description: Changing backend users' passwords through the user settings module causes the cleartext password to be stored in the uc and user_settings fields of the be_users database table. Recommendations: At the moment,...

CVSS 7.5 | AI score 5.1 | EPSS 0.0002
Exploits 0 | References 12

Positive Technologies
added 2026/04/13 12:0 a.m. | 4 views

PT-2026-32230

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 6.9 | AI score 5.8 | EPSS 0.00005
Exploits 0 | References 2

ATTACKERKB
added 2026/04/03 4:30 a.m. | 2 views

CVE-2026-5453

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads ...

CVSS 4.8 | AI score 5.3 | EPSS 0.00005
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/04/03 4:30 a.m. | 5 views

CVE-2026-5453

Summary: CVE-2026-5453 affects the Android app “Rico só vantagem pra investir” up to version 4.58.32.12421. The vulnerability concerns the component br.com.rico.mobile SegmentSettingsModule.java, where manipulation of the argument SEGMENT_WRITE_KEY leads to use of a hard-coded cryptographic key. ...

CVSS 4.8 | AI score 5.3 | EPSS 0.00005
Exploits 0 | References 4

Positive Technologies
added 2026/04/03 12:0 a.m. | 4 views

PT-2026-29986

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY lead...

CVSS 4.8 | AI score 5.3 | EPSS 0.00005
Exploits 0 | References 5

Vulnrichment
added 2026/03/02 6:42 p.m. | 0 views

CVE-2026-0011

In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.1 | EPSS 0.00004
Exploits 0 | References 1

Github Security Blog
added 2025/12/22 9:30 p.m. | 4 views

Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field...

CVSS 6.1 | AI score 5.5 | EPSS 0.00033
Exploits 1 | References 4 | Affected Software 1

OSV
added 2025/12/18 12:16 a.m. | 1 views

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

CVSS 7.2 | AI score 5.6
Exploits 0 | References 4

CNVD
added 2025/12/03 12:0 a.m. | 1 views

Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-00138)

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...

CVSS 8.4 | AI score 6.8 | EPSS 0.00009
Exploits 0 | References 1

RedhatCVE
added 2025/11/29 3:4 a.m. | 3 views

CVE-2025-58302

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 8.4 | AI score 6.9 | EPSS 0.00009
Exploits 0 | References 1

NVD
added 2025/11/28 4:16 a.m. | 1 views

CVE-2025-58302

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 8.4 | EPSS 0.00009
Exploits 0 | References 1

OSV
added 2025/11/28 4:16 a.m. | 1 views

CVE-2025-58302

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits 0 | References 1

Cvelist
added 2025/11/28 2:56 a.m. | 4 views

CVE-2025-58302

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 8.4 | EPSS 0.00009
Exploits 0 | References 1

CVE
added 2025/11/28 2:56 a.m. | 5 views

CVE-2025-58302

Huawei HarmonyOS/EMUI exposes a privilege control vulnerability in the Settings module due to improper privilege control, leading to potential confidential data exposure (Impact: HIGH). Affected: HarmonyOS/EMUI settings subsystem; root cause described as privilege control flaw. Exploitation detai...

CVSS 8.4 | AI score 6.5 | EPSS 0.00009
Exploits 0 | References 1 | Affected Software 2

EUVD
added 2025/11/28 2:56 a.m. | 1 views

EUVD-2025-199860

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 8.4 | AI score 6.4 | EPSS 0.00009
Exploits 0 | References 2

Vulnrichment
added 2025/11/28 2:56 a.m. | 2 views

CVE-2025-58302

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 8.4 | AI score 6.5 | EPSS 0.00009
Exploits 0 | References 1

Positive Technologies
added 2025/11/28 12:0 a.m. | 1 views

PT-2025-48305

Name of the Vulnerable Software and Affected Versions: Settings module (affected versions not specified). Description: A permission control issue exists within the Settings module that could impact the confidentiality of the service. Successful exploitation of this issue may lead to unauthorized acces...

CVSS 8.4 | AI score 6.2 | EPSS 0.00009
Exploits 0 | References 7