
13 matches found

Debian CVE
added 2026/06/10 8:23 p.m. | 6 views

CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

CVSS 6.5 | AI score 5.4 | EPSS 0.00232
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2003-1085

Malware in sbrugna...

CVSS 4.6 | AI score 6.4 | EPSS 0.00384
Exploits: 0 | References: 5
RedhatCVE
added 2025/08/22 7:26 p.m. | 7 views

CVE-2025-9240

A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

CVSS 5.3 | AI score 4.3 | EPSS 0.00298
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 6:25 p.m. | 8 views

CVE-2021-25644

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files and also shown in the UI visible to administrators...

CVSS 7.5 | AI score 7 | EPSS 0.00638
Exploits: 0 | References: 1
RedHat Linux
added 2024/10/01 8:49 a.m. | 3 views

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

CVSS 6 | AI score 7.1 | EPSS 0.00355
Exploits: 0 | References: 4
OSV
added 2021/06/06 1:0 p.m. | 0 views

UBUNTU-CVE-2021-3573

A use-after-free in function hci_sock_bound_ioctl of the Linux kernel HCI subsystem was found in the way a user calls ioctl HCIUNBLOCKADDR or otherwise triggers a race condition between the call hci_unregister_dev and one of the calls hci_sock_blacklist_add, hci_sock_blacklist_del, hci_get_conn_info,...

CVSS 6.4 | AI score 6.6 | EPSS 0.0037
Exploits: 1 | References: 9
CNVD
added 2015/05/07 12:0 a.m. | 2 views

IBM Rational License Key Server Administration and Reporting Tool Information Disclosure Vulnerability

IBM Rational License Key Server Administration and Reporting Tool is a license administration and reporting tool. A security vulnerability in IBM Rational License Key Server Administration and Reporting Tool allows remote attackers to exploit the vulnerability to obtain cookie-based authenticatio...

CVSS 4 | AI score 6.9 | EPSS 0.01632
Exploits: 0 | References: 1
Cvelist
added 2005/07/14 4:0 a.m. | 22 views

CVE-2001-1532

WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions...

AI score 6.6 | EPSS 0.0126
Exploits: 0 | References: 2
CVE
added 2005/07/10 4:0 a.m. | 39 views

CVE-2004-2210

Technical details about CVE-2004-2210 are not publicly available in the provided Connected documents. Monitor for updates from vendors and security advisories.

CVSS 4.3 | AI score 6.4 | EPSS 0.01283
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2003/04/02 5:0 a.m. | 43 views

CVE-2002-0292

The CVE-2002-0292 entry describes a cross-site scripting (XSS) vulnerability in Slash before 2.2.5 (used in Slashcode and related projects). The issue allows remote attackers to steal cookies and authentication information from other users by injecting JavaScript into a URL (potentially via the f...

CVSS 2.6 | AI score 6.8 | EPSS 0.0134
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2002/02/02 5:0 a.m. | 46 views

CVE-2001-0990

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, stores authentication data in cleartext inside the libvpopmail.a library. This enables local users to recover MySQL credentials by inspecting vpopmail programs linked against the library. Affected component: vpopmail (MySQL module)...

CVSS 4.6 | AI score 6.7 | EPSS 0.00347
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2001/06/27 4:0 a.m. | 14 views

CVE-2001-0496

kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges...

CVSS 4.6 | AI score 6.7 | EPSS 0.00391
Exploits: 0 | References: 3
CVE
added 2001/05/24 4:0 a.m. | 47 views

CVE-2001-0496

CVE-2001-0496 affects the kdesu component of kdelibs. Affected software creates world-readable temporary files that contain authentication information, enabling a local attacker to gain privileges on the system. The Mandrake advisory MDKSA-2001:046-3 describes the issue and provides updated packa...

CVSS 4.6 | AI score 6.8 | EPSS 0.00391
Exploits: 0 | References: 3 | Affected Software: 2