Lucene search
K

304 matches found

RedHat Linux
RedHat Linux
added 2025/07/29 8:15 a.m.5 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8CVSS7.3AI score0.00431EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/07/28 1:21 a.m.6 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8CVSS7.3AI score0.00431EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/07/24 3:45 p.m.5 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8CVSS7.3AI score0.00431EPSS
Exploits0References6
OSV
OSV
added 2025/07/22 9:15 p.m.2 views

DEBIAN-CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8CVSS8.4AI score0.00431EPSS
Exploits0References1
OSV
OSV
added 2025/07/22 9:15 p.m.6 views

UBUNTU-CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8CVSS7.3AI score0.00431EPSS
Exploits0References13
OSV
OSV
added 2025/07/14 9:15 a.m.3 views

CVE-2025-7587

A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cover.php. The manipulation of the argument uname/psw leads to sql injection. The attack may be launched remotely. The...

9.8CVSS6.8AI score0.00428EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/14 12:0 a.m.4 views

Code-Projects Online Appointment Booking System 注入漏洞

Online Appointment Booking System is an online appointment booking system. The Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uname/psw in the file /cover.php. The...

9.8CVSS7.8AI score0.00428EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.4 views

Code-Projects Online Note Sharing 注入漏洞

Code-Projects Online Note Sharing is an online note sharing software from Code-Projects open source. Code-Projects Online Note Sharing version 1.0 suffers from an injection vulnerability, which stems from an incorrect manipulation of the parameters username/password in the file /login.php resulti...

9.8CVSS8AI score0.00399EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:25 a.m.8 views

CVE-2024-31970

AdTran SRG 834-5 HDC17600021F1 devices with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1 have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with...

8.8CVSS8AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1190

A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been...

5.5CVSS6.2AI score0.00303EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.7 views

CVE-2024-48460

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails...

4.3CVSS6.5AI score0.00346EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/23 12:0 a.m.8 views

CVE-2024-51102

PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters...

5.7AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:19 p.m.9 views

CVE-2021-32571

In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported ...

4.9CVSS6.9AI score0.00826EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.8 views

CVE-2021-20171

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...

5.5CVSS6.6AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:29 a.m.10 views

CVE-2019-5627

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The...

7.8CVSS6.8AI score0.00351EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:49 a.m.8 views

CVE-2017-7722

In SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...

10CVSS6.8AI score0.1273EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.15 views

CVE-2010-4733

WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a...

10CVSS6.5AI score0.03361EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/21 10:13 p.m.6 views

CVE-2005-4767

BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password...

5.1CVSS7AI score0.01401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:10 p.m.4 views

CVE-2005-2866

Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges...

4.6CVSS6.9AI score0.00689EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 8:35 p.m.29 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

0.00224EPSS
Exploits0References1
Rows per page
Query Builder