CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2025/12/18 12:0 a.m.•148 views

📄 Headlamp 0.38.0 Credential Reuse

A security issue was discovered in the in-cluster version of Headlamp where unauthenticated users may be able to reuse cached credentials to access Helm functionality through the Headlamp UI. Kubernetes clusters are only affected if Headlamp is installed, is configured with config.enableHelm: tru...

6.9AI score

Exploits2

RedhatCVE•added 2025/10/08 8:19 p.m.•2 views

CVE-2025-37728

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access...

5.4CVSS6.8AI score0.00026EPSS

NVD•added 2025/10/07 2:15 p.m.•3 views

CVE-2025-37728

5.4CVSS0.00026EPSS

EUVD•added 2025/10/07 1:54 p.m.•3 views

EUVD-2025-32872

5.4CVSS6.3AI score0.00026EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2014-3525

Malware in sbrugna...

4CVSS8.5AI score0.03375EPSS

Exploits0References20

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-10795

Malware in sbrugna...

7.8CVSS7.7AI score0.00103EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-3595

Malware in sbrugna...

7.2CVSS6.2AI score0.00058EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2020-20381

Malware in sbrugna...

7.5CVSS7.5AI score0.00276EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-46010

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00151EPSS

RedhatCVE•added 2025/05/22 11:55 p.m.•5 views

CVE-2022-42955

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...

7.5CVSS6.8AI score0.00151EPSS

RedhatCVE•added 2025/05/22 4:53 p.m.•6 views

CVE-2020-9042

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...

8.8CVSS6.9AI score0.00148EPSS

RedhatCVE•added 2025/05/22 3:26 p.m.•5 views

CVE-2020-27888

An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access...

7.5CVSS7AI score0.00276EPSS

RedhatCVE•added 2025/05/22 3:20 p.m.•5 views

CVE-2020-2301

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode...

9.8CVSS7AI score0.00181EPSS

Citrix•added 2025/05/01 12:0 a.m.•6 views

Citrix FAS Cloud: Session logon hangs after password change when launching application

User has the password expired or "set at next logon" flag is set. However, user is able to login to workspace due to the cached credentials being used. When user launches an app they are prompted to change their AD password. Once this is complete, message to confirm password change is successful,...

7.3AI score

Snyk•added 2025/04/22 4:56 p.m.•1 views

Incorrect Implementation of Authentication Algorithm

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to persisting authentication data in a cache when performing ConvertUserToBot. A user who...

5.4CVSS7.1AI score0.00141EPSS

Exploits0References3

Tenable Nessus•added 2024/06/03 12:0 a.m.•16 views

RHEL 5 : subversion (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - subversion: Command injection through clients via malicious svn+ssh URLs CVE-2017-9800 - Svnserve in Apac...

9.8CVSS8.9AI score0.67275EPSS

Exploits3References9

Kitploit•added 2024/05/23 12:30 p.m.•35 views

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...

7.3AI score

SUSE CVE•added 2023/02/15 5:28 a.m.•1 views

SUSE CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm...

4CVSS7AI score0.03375EPSS

Exploits0References6

NVD•added 2022/11/07 1:15 p.m.•8 views

CVE-2022-42955

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...

7.5CVSS0.00151EPSS