Lucene search
+L

96 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-31830

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00906EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-54393

Malicious code in bioql PyPI...

7.4CVSS6.7AI score0.00611EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-33431

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.0111EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-21644

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00091EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.6 views

CVE-2025-30105

Dell XtremIO, versions 6.4.0-22, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access...

8.8CVSS6AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 11:21 a.m.15 views

CVE-2025-53756 Cleartext Transmission Vulnerability in Digisol DG-GR6821AC Router

This vulnerability exists in Digisol DG-GR6821AC Router due to cleartext transmission of credentials in its web management interface. A remote attacker could exploit this vulnerability by intercepting the network traffic and capturing cleartext credentials. Successful exploitation of this...

8.7CVSS0.00265EPSS
Exploits0References1
NVD
NVD
added 2025/07/03 1:15 p.m.22 views

CVE-2025-49618

In Plesk Obsidian 18.0.69, unauthenticated requests to /loginup.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint...

5.8CVSS0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.4 views

PT-2025-26934 · Snyk · Snyk Cli

Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1297.3 Description: The issue allows for the insertion of sensitive information into log files through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line...

7.2CVSS6.1AI score0.00151EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/05/23 10:38 a.m.14 views

CVE-2024-20448

A vulnerability in the Cisco Nexus Dashboard Fabric Controller NDFC software, formerly Cisco Data Center Network Manager DCNM, could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within conf...

8.6CVSS6.2AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.7 views

CVE-2022-34781

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.5AI score0.00651EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:48 p.m.8 views

CVE-2022-22303

An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file...

5.5CVSS6.5AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:59 p.m.12 views

CVE-2018-20384

iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

9.8CVSS7.3AI score0.01513EPSS
Exploits1References1
NVD
NVD
added 2025/05/12 5:15 p.m.15 views

CVE-2025-46746

An administrator could discover another account's credentials...

5.8CVSS0.00246EPSS
Exploits0References1
OSV
OSV
added 2025/04/21 10:51 p.m.13 views

GHSA-7M6V-Q233-Q9J9 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS

Prevent token leakage / privilege escalation MinIO Operator STS: A Quick Overview MinIO Operator STS is a native IAM Authentication for Kubernetes. MinIO Operator offers support for Secure Tokens a.k.a. STS which are a form of temporary access credentials for your MinIO Tenant. In essence, this...

6.9CVSS7.6AI score0.00573EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/04/20 12:0 a.m.8 views

Intent-Aware Authorization for Zero Trust CI/CD

This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...

6.9AI score
Exploits0
CVE
CVE
added 2025/03/28 1:10 p.m.53 views

CVE-2025-2860

CVE-2025-2860 affects SaTECH BCU firmware 2.1.3. An authenticated attacker can access user credential information via a web-accessible path to an XML file, with access independent of user privileges (path must be known). The vulnerability is described across NVD/Red Hat and CVE records, indicatin...

6.9CVSS6.8AI score0.00309EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/03/20 10:11 a.m.3 views

CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic

A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...

6.5CVSS6.7AI score0.00772EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/14 3:51 a.m.10 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

4.9CVSS7AI score0.0024EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/09/18 12:0 a.m.8 views

The vulnerability of the Yealink Meeting Server lies in the insufficient protection of operational data, which allows attackers to gain access to user authentication information.

The vulnerability of the Yealink Meeting Server lies in the insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor to gain access to user authentication credentials remotely...

6.5CVSS5.4AI score0.00373EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/03/18 12:0 a.m.21 views

CVE-2024-25654

Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...

6.4AI score0.00214EPSS
Exploits1References1
Rows per page
Query Builder