1016 matches found

RedhatCVE
added 2025/05/23 7:47 a.m. | 4 views

CVE-2024-46341

TP-Link TL-WR845NUNV4190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...

CVSS 8 | AI score 7.1 | EPSS 0.00109
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:52 a.m. | 2 views

CVE-2023-22949

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...

CVSS 4.9 | AI score 6.9 | EPSS 0.00213
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:33 a.m. | 7 views

CVE-2023-27640

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

CVSS 7.5 | AI score 6.9 | EPSS 0.85663
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 1:59 a.m. | 4 views

CVE-2023-3684

A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/deDE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...

CVSS 6.1 | AI score 6.8 | EPSS 0.0006
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:40 p.m. | 6 views

CVE-2022-28168

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords...

CVSS 7.5 | AI score 6.7 | EPSS 0.00322
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:31 p.m. | 7 views

CVE-2022-24982

Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...

CVSS 6.5 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:11 p.m. | 4 views

CVE-2022-3206

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked...

CVSS 5.9 | AI score 6.8 | EPSS 0.00209
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:32 p.m. | 7 views

CVE-2021-3131

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter...

CVSS 7.5 | AI score 7 | EPSS 0.00156
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:24 p.m. | 1 views

CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...

CVSS 5.3 | AI score 5.6 | EPSS 0.00674
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:4 p.m. | 3 views

CVE-2020-9337

In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...

CVSS 6.5 | AI score 6.9 | EPSS 0.0018
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:28 p.m. | 7 views

CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...

CVSS 8.6 | AI score 6.8 | EPSS 0.2033
Exploits: 2

RedhatCVE
added 2025/05/22 12:57 p.m. | 6 views

CVE-2018-19748

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug=admin=index=attachment= directory traversal. The value of the root parameter must be base64 encoded; note that base64 encoding, instead of URL encoding, is very rare in a directory travers...

CVSS 7.5 | AI score 7 | EPSS 0.01032
Exploits: 1 | References: 1

RedhatCVE
added 2025/04/27 3:4 p.m. | 22 views

CVE-2025-46432

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...

CVSS 6.5 | AI score 7.2 | EPSS 0.00005
Exploits: 0 | References: 1

GithubExploit
added 2025/04/25 4:35 p.m. | 364 views

Exploit for CVE-2024-32830

CVE-2024-32830-poc PoC code to download files with CVE-2024-32...

CVSS 8.6 | AI score 6.7 | EPSS 0.02073
Exploits: 1

Tenable Nessus
added 2025/04/03 12:0 a.m. | 30 views

JetBrains TeamCity < 2025.03 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.03. It is, therefore, affected by a vulnerability as referenced in the TeamCity202503 advisory.
- In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log (CVE-2025-31139)
- In JetBrain...

CVSS 7.5 | AI score 5.4 | EPSS 0.41298
Exploits: 0 | References: 4

Huntr
added 2025/04/01 12:20 p.m. | 5 views

Arbitrary file read through path traversal

Description: The code in genericutils.py has a path traversal vulnerability, which allows an attacker to control the file path provided to the ImageDocument class. This can lead to the reading of arbitrary files on the server, including sensitive system files, through base64 encoding and decoding...

CVSS 7.5 | AI score 7.2 | EPSS 0.00443
Exploits: 1

BDU FSTEC
added 2025/03/31 12:0 a.m. | 2 views

The vulnerability of the CI/CD application integration and delivery system of JetBrains TeamCity, related to the disclosure of information through registration files, allows a hacker to disclose protected information.

The vulnerability of the Continuous Integration and Deployment Application Delivery system CI/CD of JetBrains TeamCity is related to the disclosure of information through registration files due to incorrect encoding based on the base64 standard. Exploiting this vulnerability can allow a malicious...

CVSS 4.3 | AI score 5.5 | EPSS 0.00008
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/03/21 5:15 p.m. | 0 views

UBUNTU-CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

CVSS 7.2 | AI score 5.8 | EPSS 0.49715
Exploits: 0 | References: 5

CNNVD
added 2025/03/20 12:0 a.m. | 1 views

Horovod Command Injection Vulnerability

Horovod is a distributed training framework for TensorFlow, Keras, PyTorch and Apache MXNet open-sourced by Horovod. A command injection vulnerability exists in Horovod v0.28.1 and earlier versions, which stems from ElasticRendezvousHandler mishandling base64-encoded data, which could lead to...

CVSS 9.8 | AI score 9.9 | EPSS 0.01047
Exploits: 1 | References: 1

Wallarm Lab
added 2025/03/14 3:38 a.m. | 245 views

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild

A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857, is already available online:...

CVSS 9.8 | AI score 6.4 | EPSS 0.9413
Exploits: 44