
4772 matches found

NVD
added 2025/10/02 5:16 p.m. · 4 views

CVE-2025-59406

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected,...

6.2 CVSS · 0.00021 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/09/14 12:0 a.m. · 3 views

PT-2025-42624

Name of the Vulnerable Software and Affected Versions: Squid versions prior to 7.2; Squid versions 3.x through 3.5.28; Squid versions 4.x through 4.17; Squid versions 5.x through 5.9; Squid versions 6.x through 6.14; Squid versions 7.x through 7.1. Description: Squid, a caching proxy for the Web, contain...

10 CVSS · 6.8 AI score · 0.16244 EPSS
Exploits 3 · References 102
Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2015-3754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authenticati...

4.3 CVSS · 7.6 AI score · 0.00505 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/20 12:0 a.m. · 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 5.9 AI score · 0.00056 EPSS
Exploits 0 · References 2
NVD
added 2025/07/25 4:15 p.m. · 5 views

CVE-2025-45466

Unitree Go1 = Go120220511 is vulnerable to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

8.8 CVSS · 0.00093 EPSS
Exploits 2 · References 2
Vulnrichment
added 2025/07/25 12:0 a.m. · 4 views

CVE-2025-45466

Unitree Go1 = Go120220511 is vulnerable to Incorrect Access Control due to authentication credentials being hardcoded in plaintext...

7.4 AI score · 0.00093 EPSS
Exploits 2 · References 2
NVD
added 2025/07/22 9:15 p.m. · 3 views

CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8 CVSS · 0.00443 EPSS
Exploits 0 · References 8
CNVD
added 2025/07/11 12:0 a.m. · 2 views

Endress+Hauser MEAC300-FNADE4 Cross-Site Scripting Vulnerability

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 is vulnerable to a cross-site scripting vulnerability due to improper validation of user input via dashboard name. An attacker could exploit the...

6.8 CVSS · 6.5 AI score · 0.00208 EPSS
Exploits 0 · References 1
CNVD
added 2025/07/04 12:0 a.m. · 1 views

Mozilla Firefox and Firefox ESR Cross-Site Scripting Vulnerability (CNVD-2025-15493)

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A cross-site scripting vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by an attacker to steal a victim's cookie-based authentication credential...

6.1 CVSS · 6.5 AI score · 0.0037 EPSS
Exploits 0 · References 1
OSV
added 2025/06/24 3:13 p.m. · 3 views

BIT-GITLAB-2024-7586 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

7.5 CVSS · 6.7 AI score · 0.00023 EPSS
Exploits 0 · References 2
NVD
added 2025/06/20 2:15 p.m. · 2 views

CVE-2024-7586

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

7.5 CVSS · 0.00023 EPSS
Exploits 0 · References 1
OSV
added 2025/06/20 2:15 p.m. · 0 views

UBUNTU-CVE-2024-7586

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

7.5 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits 0 · References 3
Debian CVE
added 2025/06/20 1:58 p.m. · 3 views

CVE-2024-7586

Removed by vendor...

7.5 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits 0
CVE
added 2025/06/17 9:27 p.m. · 32 views

CVE-2025-49593

CVE-2025-49593 affects Portainer Community Edition prior to STS 2.31.0 and LTS 2.27.7. When an administrator is convinced to register a malicious container registry (or an existing registry is taken over), HTTP Headers including registry credentials and Portainer session tokens may be leaked to t...

6.8 CVSS · 6.8 AI score · 0.00254 EPSS
Exploits 0 · References 3
Cvelist
added 2025/06/17 9:27 p.m. · 6 views

CVE-2025-49593 Portainer HTTP Headers May Leak to Malicious Container Registries

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a maliciou...

6.8 CVSS · 0.00254 EPSS
Exploits 0 · References 3
CNNVD
added 2025/06/10 12:0 a.m. · 1 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 6.1 AI score · 0.00172 EPSS
Exploits 0 · References 2
Veracode
added 2025/06/06 5:54 a.m. · 94 views

Sensitive Information Disclosure

yiisoft/yii2-redis is vulnerable to Sensitive Information Disclosure. The vulnerability arises because authentication credentials (username and password) are logged in plain text during failed connection attempts...

6.5 CVSS · 6.2 AI score · 0.00257 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/05/28 12:0 a.m. · 2 views

PT-2025-23100 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the TeleMessage service relying on client-side MD5 hashing for authentication credentials. This has been exploited in the wild. The service accepts the hash as the...

4.3 CVSS · 6.6 AI score · 0.00117 EPSS
Exploits 0 · References 4
CNNVD
added 2025/05/28 12:0 a.m. · 3 views

TeleMessage Security Vulnerability

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier that stems from relying on the client to perform MD5 hashing and accepting the hash as authentication credentials...

7.5 CVSS · 6.9 AI score · 0.00117 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 7:32 a.m. · 3 views

CVE-2024-22345

IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...

7.5 CVSS · 6.7 AI score · 0.00088 EPSS
Exploits 0 · References 1