4774 matches found
CVE-2021-27187
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked...
CVE-2021-33024
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval...
CVE-2019-18252
BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure...
CVE-2024-34025
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges...
CVE-2019-25278 FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...
CVE-2025-1531
Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00...
CVE-2020-36914
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...
CVE-2020-36917
iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...
CVE-2020-36914
CVE-2020-36914 affects QiHang Media Web Digital Signage 3.0.9. The issue is a sensitive information disclosure where authentication credentials can be intercepted because cookies are transmitted in cleartext, enabling potential MITM attackers to capture stored credentials. The sources consistentl...
CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...
Information Leakage in Grafana Alerting
In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00689)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
squid: Fix of CVE-2025-62168
CVE-2025-62168: Fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...
CLSA-2025-1763388821 squid34: Fix of CVE-2025-62168
CVE-2025-62168: Redact HTTP authentication credentials in error handling to prevent information disclosure...
CLSA-2025-1763031041 squid: Fix of CVE-2025-62168
CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...
SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2025:4026-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4026-1 advisory. - CVE-2025-62168: Fixed failure to redact HTTP authentication credentials in error handling leading to information disclosure...
squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling
A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...