15 matches found
CVE-2026-6553
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...
PT-2026-44732
Name of the Vulnerable Software and Affected Versions: Arcane versions prior to 1.19.4. Description: An authenticated user can perform an arbitrary read of any file accessible by the Arcane backend process. This occurs because the ProjectService.CreateProject function writes attacker-supplied compos...
CVE-2026-6553
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...
CVE-2026-6553 TYPO3 CMS Stores Cleartext Password in User Settings Module
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...
EUVD-2009-4674
Malware in sbrugna...
PT-2024-33488 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: Pimcore portal engine versions prior to 4.1.7; Pimcore portal engine versions prior to 3.1.16. Description: The issue affects Pimcore, an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser...
GHSA-4XW6-HJ5P-4J79 OpenStack Glance sensitive information disclosure via logs
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
PT-2020-12524 · Typo3 · Typo3/Cms
Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 10.4.0 through 10.4.1. Description: The issue allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts using time-based attacks with the password reset functionality for backend...
Vano enterprise website management system (PHP version) logic flaw vulnerability
Vanno enterprise website management system PHP version is an enterprise website management system developed with PHP and MySQL. It has a logic flaw vulnerability. An attacker can exploit the vulnerability to obtain the backend account password by...
CVE-2014-1948
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
PYSEC-2014-102
OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...
CVE-2009-4710
SQL injection vulnerability in the Reset backend password cwtresetbepassword extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the Reset backend password cwtresetbepassword extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
ASP.NET path validation vulnerability-vulnerability warning-the black bar safety net
P.S. This vulnerability is a little outlandish. Huh. But domestic seems no one has been filed. This are 0 to 5 years of vulnerability. Last year I take to the data. However. There is no day to several stations. As if all the patched. Pity. in. Found late. Look at the ms to the announcement...
bbsxp sql latest version and then burst 0day?- Vulnerability warning-the black bar safety net
bbsxp had a log injection vulnerability some time ago, and this vulnerability is still present in this place. sub LogMessage if Request.ServerVariables("QueryString")<>"" then QueryString="?"&Request.ServerVariables("QueryString")&"" Conn.Execute("insert into BBSXPLog...