Lucene search
K

3098 matches found

Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-28113

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.7 views

EquityPandit 安全漏洞

EquityPandit is a service platform provided by EquityPandit Inc. that offers stock market analysis, investment advice, and market predictions. Version 1.0 of EquityPandit has a security vulnerability. This vulnerability stems from insecure logging practices, which could allow attackers to access...

8.7CVSS5.8AI score0.00273EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 12:16 a.m.6 views

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25540

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS0.00359EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:37 p.m.3 views

CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS5.9AI score0.00359EPSS
Exploits1References2
CVE
CVE
added 2026/03/12 3:37 p.m.15 views

CVE-2019-25540

Netartmedia PHP Mall 4.1 is affected by multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries via various parameters. The attacks can exfiltrate sensitive data, including user credentials and system information. The description does not specify...

8.8CVSS5.9AI score0.00359EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.2 views

CVE-2018-25187 Tina4 Stack 1.0.3 SQL Injection and Database File Download

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the men...

8.8CVSS5.9AI score0.00347EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25171

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...

8.8CVSS6.1AI score0.00281EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/04 8:16 a.m.4 views

CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

9.8CVSS0.00849EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22881

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver affected versions not specified Description The IDC SFX Series SuperFlex Satellite Receiver is affected by hardcoded, insecure credentials for the xd user accoun...

7.9CVSS6.5AI score0.00849EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/02/27 7:38 p.m.3 views

CVE-2026-27793 Seerr has Broken Object-Level Authorization in User Profile Endpoint that Exposes Third-Party Notification Credentials

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.6 views

PT-2026-7084

Name of the Vulnerable Software and Affected Versions WAGO 0852-1322 affected versions not specified Description User credentials are stored using AES-ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernam...

9.8CVSS5.6AI score0.00328EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/02/06 11:14 p.m.4 views

CVE-2020-37163 QuickDate 1.3.2 - SQL Injection

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'located' parameter in the findmatches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name...

8.8CVSS5.9AI score0.0041EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 11:14 p.m.10 views

CVE-2020-37163

CVE-2020-37163 – QuickDate 1.3.2 suffers a SQL injection in the find_matches endpoint via the '_located' parameter, enabling UNION-based payloads to exfiltrate database information (credentials, DB name, system version). Evidence across sources confirms the vulnerable component and location of in...

8.8CVSS5.7AI score0.0041EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/06 6:52 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the UseRecoveryCode function, which fails to check the supplied userID before validating the second factor. A user in possession of the username and password of another user ca...

8.8CVSS5.5AI score0.00424EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.97 views

VICIdial Sensitive Information Disclosure

VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents,...

6.6AI score
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 p.m.22 views

CVE-2026-25483

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...

6.2CVSS0.003EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/03 4:52 p.m.31 views

CVE-2020-37115 GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

7.1CVSS0.00263EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

HotCRP Conference Review Software Cross-Site Script Vulnerabilities

HotCRP Conference Review Software is a software developed by Eddie Kohler. It is used to manage review processes, especially for academic conferences. The version of HotCRP Conference Review Software dated October 2025 to January 2026 contained a cross-site scripting vulnerability. This...

7.3CVSS5.6AI score0.00227EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.8 views

PT-2026-5279

Name of the Vulnerable Software and Affected Versions Ultimate Project Manager CRM PRO version 2.0.5 Description A blind SQL injection allows attackers to extract usernames and password hashes from the tbl users database table. This is achieved by crafting malicious search parameters at the...

8.2CVSS5.9AI score0.00221EPSS
Exploits0References5
Rows per page
Query Builder