96 matches found
EUVD-2021-31830
Malicious code in bioql PyPI...
EUVD-2023-54393
Malicious code in bioql PyPI...
EUVD-2024-33431
Malicious code in bioql PyPI...
EUVD-2025-21644
Malicious code in bioql PyPI...
CVE-2025-30105
Dell XtremIO, versions 6.4.0-22, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access...
CVE-2025-53756 Cleartext Transmission Vulnerability in Digisol DG-GR6821AC Router
This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful exploitation of this...
CVE-2025-49618
In Plesk Obsidian 18.0.69, unauthenticated requests to /loginup.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint...
PT-2025-26934 · Snyk · Snyk Cli
Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1297.3 Description: The issue allows for the insertion of sensitive information into log files through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line...
CVE-2024-20448
A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-22303
An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file...
CVE-2018-20384
iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...
CVE-2025-46746
An administrator could discover another account's credentials...
GHSA-7M6V-Q233-Q9J9 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Prevent token leakage / privilege escalation MinIO Operator STS: A Quick Overview MinIO Operator STS is a native IAM Authentication for Kubernetes. MinIO Operator offers support for Secure Tokens a.k.a. STS which are a form of temporary access credentials for your MinIO Tenant. In essence, this...
Intent-Aware Authorization for Zero Trust CI/CD
This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...
CVE-2025-2860
CVE-2025-2860 affects SaTECH BCU firmware 2.1.3. An authenticated attacker can access user credential information via a web-accessible path to an XML file, with access independent of user privileges (path must be known). The vulnerability is described across NVD/Red Hat and CVE records, indicatin...
CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic
A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...
CVE-2024-33470
An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
The vulnerability of the Yealink Meeting Server lies in the insufficient protection of operational data, which allows attackers to gain access to user authentication information.
The vulnerability of the Yealink Meeting Server lies in the insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor to gain access to user authentication credentials remotely...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...