Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the removeapikeys and hasapiterms functions of the Flow Using API component. An attacker can access sensitive credential information by exploiting unprotected storage mechanisms remotely. Remediation Upgrade...

CVE-2026-6597 langflow-ai langflow Flow Using API core.py has_api_terms credentials storage

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

CVE-2026-6597

langflow-ai (Flow Using API) up to version 1.8.3 is affected by CVE-2026-6597. The vulnerability resides in the code path src/backend/base/langflow/api/utils/core.py, specifically the remove_api_keys/has_api_terms functions, which enables unprotected storage of credentials. The issue can be explo...

cveClient 安全漏洞

cveClient is an open-source browser-based CVE record management client developed by the CERT Coordination Center CERT/CC. cveClient has a security vulnerability, which stems from the unprotected storage of API keys in the browser client, potentially leading to credential exposure...

CVE-2026-4251 CityData CityChat ai.citydata.citychat credentials.json credentials storage

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...

CVE-2026-4250 Albert Sağlık Hizmetleri ve Ticaret Albert Health Google Cloud Service Account Key service-account.json credentials storage

A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected...

CVE-2020-7307

Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention DLP for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials...

CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

EUVD-2020-20065

Malware in sbrugna...

EUVD-2018-5758

Malware in sbrugna...

CVE-2025-4286

A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to...

Intimate images from kink and LGBTQ+ dating apps left exposed online

A researcher found millions of pictures from specialized dating apps for iOS stored online without any kind of password protection. The pictures, some of which are explicit, stem from dating apps that all have a specific audience. The five platforms, all developed by M.A.D. Mobile are kink sites...

CVE-2025-2355

A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...

CVE-2019-3663

Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense ATD prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further investigation has resulted i...

CVE-2024-38877

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 Domain Controller R9.2 All versions, Omnivise T3000 Network Intrusion Detection System NIDS R9.2 All versions, Omnivise T3000 Product Data Management PDM R9.2 All versions, Omnivise T3000 R8...

WordPress WP-Members Membership Plugin plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files vulnerability

Unprotected Storage of Potentially Sensitive Files vulnerability discovered by Tim Coen in WordPress Plugin WP-Members versions = 3.4.9.3...

CVE-2022-39820

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom199/OTNEDRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /ro...

CVE-2022-39820

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom199/OTNEDRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /ro...

Design/Logic Flaw

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom199/OTNEDRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /ro...

CVE-2022-39820

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom199/OTNEDRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /ro...