25 matches found
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Summary: Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions: Versions 1.3.2 and below. Impact: 1. Cache and...
GHSA-CQMH-PCGR-Q42F @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Summary: Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions: Versions 1.3.2 and below. Impact: 1. Cache and...
JLSEC-2026-420 When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could...
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user...
VulnCheck KEV: CVE-2026-20128
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...
CVE-2026-20128
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...
EUVD-2026-8676
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This...
CVE-2026-20128 Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...
CVE-2026-20128
CVE-2026-20128 affects Cisco Catalyst SD-WAN Manager: Data Collection Agent stores the DCA password in a recoverable credential file on the filesystem, enabling an authenticated, local attacker with valid vManage credentials to read the file and gain DCA user privileges, potentially compromising ...
PT-2026-21955
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager versions prior to 20.18. Description: A flaw in the Data Collection Agent (DCA) feature allows an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This issue is caused by the presenc...
CVE-2024-32010
CVE-2024-32010 affects Siemens Spectrum Power 4 (versions before 4.70 SP12 Update 2). Affected component: world-readable credential file exposing database credentials, enabling a privileged application user to connect to the database and execute system commands. Additional context from connected ...
CVE-2024-32010
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...
EUVD-2024-29848
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...
EUVD-2014-2418
Malware in sbrugna...
EUVD-2014-2417
Malware in sbrugna...
CVE-2022-4945
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud...
ALPINE-CVE-2022-29869
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file...
Debian DLA-75-1 : mysql-5.1 security update
CVE-2014-4274: Insecure handling of a temporary file that could lead to arbitrary execution of code through the creation of a mysql configuration file pointing to an attacker-controlled plugindir. CVE-2013-2162: Insecure creation of the debian.cnf credential file. Credentials could be stolen by a...