
1240 matches found

NVD
added 2025/12/10 9:16 p.m., 7 views

CVE-2025-62181

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...

5.3 CVSS, 0.00405 EPSS
Exploits: 1, References: 1
Cvelist
added 2025/12/10 8:41 p.m., 20 views

CVE-2025-62181 Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated...

5.3 CVSS, 0.00405 EPSS
Exploits: 1, References: 1
CVE
added 2025/12/09 9:32 p.m., 24 views

CVE-2025-66039

CVE-2025-66039 affects FreePBX Endpoint Manager. The vulnerability is an authentication bypass when the Webserver Authorization Mode is enabled: sending an Authorization header with an arbitrary value associates a session with the target user despite valid credentials. This can lead to unauthoriz...

9.8 CVSS, 6.7 AI score, 0.02976 EPSS
Exploits: 8, References: 3, Affected Software: 1
Metasploit
added 2025/11/22 6:57 p.m., 719 views

Flowise Custom MCP Remote Code Execution

This module exploits a remote code execution vulnerability in Flowise versions = 2.2.7-patch.1 and use exploit/multi/http/flowisecustommcprce msf exploitflowisecustommcprce show targets ...targets... msf exploitflowisecustommcprce set TARGET msf exploitflowisecustommcprce show options ...show and...

9.8 CVSS, 6.5 AI score, 0.70866 EPSS
Exploits: 3
RedhatCVE
added 2025/11/10 9:9 a.m., 17 views

CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit:...

7.5 CVSS, 6.8 AI score, 0.00386 EPSS
Exploits: 0, References: 1
OSV
added 2025/11/06 2:4 p.m., 4 views

CLSA-2025-1762437868 cups: Fix of CVE-2025-58060

CVE-2025-58060: fix authentication bypass by checking password when AuthType is set to anything but Basic...

8 CVSS, 6 AI score, 0.00964 EPSS
Exploits: 1, References: 1
OSV
added 2025/11/06 12:47 p.m., 6 views

BIT-APISIX-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

7.5 CVSS, 6.8 AI score, 0.00386 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/31 9:30 a.m., 4 views

EUVD-2025-37317

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

7.5 CVSS, 6.3 AI score, 0.00386 EPSS
Exploits: 0, References: 3
OSV
added 2025/10/31 9:15 a.m., 2 views

CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

7.5 CVSS, 6.8 AI score
Exploits: 0, References: 2
Vulnrichment
added 2025/10/31 8:48 a.m., 3 views

CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

6.5 AI score, 0.00386 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/31 8:48 a.m., 28 views

CVE-2025-62232

Apache APISIX is affected by a logging-related data exposure (CVE-2025-62232) where basic-auth credentials are written in plaintext to error logs and forwarded to log sinks when the log level is INFO/DEBUG. The issue is caused by logging sensitive data during normal operation, creating a high ris...

7.5 CVSS, 6.5 AI score, 0.00386 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/10/31 12:0 a.m., 4 views

Apache Apisix security vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache USA Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plugin hot loading, suitable for API management under the microservices system. A security vulnerability exists in...

7.5 CVSS, 6.4 AI score, 0.00386 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/10/30 12:0 a.m., 4 views

PT-2025-44457

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 3.14. Description: A flaw exists where sensitive data, specifically usernames and passwords used in basic authentication, are exposed through logging. When the log level is set to INFO or DEBUG, these credentials...

7.5 CVSS, 6.6 AI score, 0.00386 EPSS
Exploits: 0, References: 10
OSV
added 2025/10/27 1:11 p.m., 4 views

SUSE-SU-2025:3809-1 Security update for rabbitmq-server

This update for rabbitmq-server fixes the following issues: - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests bsc1245105 - fixed a bad logrotate configuration that allowed escalation from rabbitmq to root, /var/log/rabbitmq ownership is now 750 bsc1246091...

6.7 CVSS, 5.8 AI score, 0.00194 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2025/10/22 12:0 a.m., 3 views

PT-2025-43380

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.12.0 and earlier. Description: A flaw in the temporary access workflow permits a user with basic authentication to approve their own temporary access requests or those of other users. This can lead to...

8.4 CVSS, 6.7 AI score, 0.00298 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2025/10/17 3:52 p.m., 4 views

CVE-2025-55035

Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having th...

6.1 CVSS, 7 AI score, 0.003 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/16 6:30 p.m., 2 views

EUVD-2025-34773

Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having th...

6.1 CVSS, 6.5 AI score, 0.003 EPSS
Exploits: 0, References: 2
OSV
added 2025/10/16 4:15 p.m., 2 views

CVE-2025-55035

Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having th...

6.1 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 1
NVD
added 2025/10/16 4:15 p.m., 8 views

CVE-2025-55035

Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having th...

6.1 CVSS, 0.003 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/16 3:18 p.m., 12 views

CVE-2025-55035

Mattermost Desktop App versions

6.1 CVSS, 6.6 AI score, 0.003 EPSS
Exploits: 0, References: 1, Affected Software: 1