Lucene search
K

2416 matches found

Nuclei
Nuclei
added yesterday31 views

Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

10CVSS7.3AI score0.85619EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday14 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.5AI score0.03559EPSS
Exploits1References3
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-59712 Leantime - Credential Disclosure via Unauthenticated JSON-RPC users.getUser Method

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...

8.6CVSS0.0025EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-59712

According to the connected NVD records, CVE-2026-59712 affects Leantime’s JSON-RPC API via the Users::getUser method. The vulnerability arises from missing authorization checks, enabling authenticated users to call users.getUser with arbitrary user IDs and enumerate accounts. The outcome is expos...

8.6CVSS6AI score0.0025EPSS
Exploits0References4
Nuclei
Nuclei
added 6 days ago69 views

Crestron Device - Credentials Disclosure

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

10CVSS7.3AI score0.75711EPSS
Exploits5References5
NVD
NVD
added last week11 views

CVE-2026-7830

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS0.00183EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 3:33 a.m.6 views

EUVD-2026-40882

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54486

Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description Inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNC MsLogonIIAuth allows a network attacker to disclose credentials. In the file rfb/dh.cpp, the Diffie-Hellman key exchang...

7.4CVSS5.9AI score0.00183EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 9:16 p.m.6 views

CVE-2025-36323

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:22 p.m.12 views

CVE-2025-36320

IBM watsonx.data intelligence (versions 5.2.0, 5.2.1, 5.2.2, 5.3.0) is described as vulnerable to stored cross-site scripting. The vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leading to credentials disclosure ...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:22 p.m.35 views

CVE-2025-36320 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:19 p.m.6 views

EUVD-2025-210380

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.5AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:11 p.m.7 views

EUVD-2026-40380

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53949

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Authenticated attackers can execute arbitrary OS commands and read sensitive files, including credentials. This can lead to complete system compromise and lateral movement within the...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53975

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An issue exists where an authenticated user can embed arbitrary JavaScript code into the Web UI. This stored cross-site scripting XSS allows for the alteration of intended...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

libcurl 7.10.6 < 8.21.0 Cross-Origin Digest Auth State Leak

The version of libcurl installed on the remote host is 7.10.6 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - Successfully using libcurl with Digest authentication and then changing the origin to a different host for a second transfer, reusing the same...

9.8CVSS5.8AI score0.00754EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.25 views

libcurl 8.8.0 < 8.21.0 Stale Proxy Password Leak

The version of libcurl installed on the remote host is 8.8.0 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - libcurl had a flaw that when instructed to clear proxy authentication credentials, it did not do so, leaving the old credentials around to get used...

9.8CVSS5.9AI score0.00754EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

Curl 8.11.1 < 8.21.0 Netrc Password Leak

The version of curl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username, curl could wrongly get and use the...

9.1CVSS5.9AI score0.00479EPSS
Exploits1References2
NVD
NVD
added 2026/06/22 2:16 p.m.11 views

CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

5.4CVSS0.00139EPSS
Exploits0References1
Rows per page
Query Builder