CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/09 8:34 a.m.•6 views

CVE-2024-34025

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges...

9.8CVSS7.2AI score0.00028EPSS

Vulnrichment•added 2026/01/07 11:9 p.m.•1 views

CVE-2019-25278 FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...

9.1CVSS6.5AI score0.00038EPSS

Exploits2References3

RedhatCVE•added 2026/01/07 9:18 a.m.•15 views

CVE-2025-1531

Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00...

6.5CVSS7AI score0.00144EPSS

NVD•added 2026/01/06 4:15 p.m.•2 views

CVE-2020-36917

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...

8.6CVSS0.00084EPSS

NVD•added 2026/01/06 4:15 p.m.•2 views

CVE-2020-36914

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...

8.6CVSS0.00042EPSS

CVE•added 2026/01/06 3:53 p.m.•7 views

CVE-2020-36914

CVE-2020-36914 affects QiHang Media Web Digital Signage 3.0.9. The issue is a sensitive information disclosure where authentication credentials can be intercepted because cookies are transmitted in cleartext, enabling potential MITM attackers to capture stored credentials. The sources consistentl...

8.6CVSS6AI score0.00042EPSS

Cvelist•added 2026/01/06 3:53 p.m.•24 views

CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure

8.6CVSS0.00042EPSS

Grafana•added 2025/12/16 12:0 a.m.•5 views

Information Leakage in Grafana Alerting

In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...

6.5CVSS5.8AI score0.00066EPSS

Exploits0

CNVD•added 2025/12/15 12:0 a.m.•2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00689)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00025EPSS

CloudLinux•added 2025/11/19 9:9 a.m.•5 views

squid: Fix of CVE-2025-62168

CVE-2025-62168: Fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...

10CVSS6.7AI score0.16244EPSS

Exploits1

OSV•added 2025/11/17 2:13 p.m.•4 views

CLSA-2025-1763388821 squid34: Fix of CVE-2025-62168

CVE-2025-62168: Redact HTTP authentication credentials in error handling to prevent information disclosure...

10CVSS7.3AI score0.16244EPSS

Exploits1References1

OSV•added 2025/11/14 2:25 p.m.•2 views

CLSA-2025-1763031041 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...

RedHat Linux•added 2025/11/12 8:3 a.m.•3 views

Exploits1References1

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

RedHat Linux•added 2025/11/12 2:47 a.m.•3 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

RedHat Linux•added 2025/11/11 7:17 p.m.•7 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

Tenable Nessus•added 2025/11/11 12:0 a.m.•1 views

SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2025:4026-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4026-1 advisory. - CVE-2025-62168: Fixed failure to redact HTTP authentication credentials in error handling leading to information disclosure...

10CVSS5.5AI score0.16244EPSS

Exploits1References4

RedHat Linux•added 2025/11/10 8:1 a.m.•3 views

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling