19 matches found

ATTACKERKB
added 2026/04/22 9:6 a.m., 0 views

CVE-2026-6848

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

CVSS 5.4, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 3

OpenVAS
added 2026/01/20 12:0 a.m., 4 views

Ubuntu: Security Advisory (USN-7964-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 5.5, EPSS 0.01019
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 1 view

Ubuntu 16.04 LTS / 18.04 LTS : Git vulnerabilities (USN-7964-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7964-1 advisory. It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use...

CVSS 7.5, AI score 8.6, EPSS 0.01019
Exploits: 0, References: 3

OSV
added 2026/01/15 2:51 p.m., 4 views

USN-7964-1 git vulnerabilities

It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. CVE-2024-50349 It was discovered that Git did not properly handle carriage return characters in it...

CVSS 7.5, AI score 6.8, EPSS 0.01019
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/04 12:0 a.m., 2 views

RHEL 9 : git (RHSA-2025:19601)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19601 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serv...

CVSS 4.7, AI score 7.5, EPSS 0.00643
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-44589

Malicious code in bioql PyPI...

CVSS 2.1, AI score 7.2, EPSS 0.00643
Exploits: 0, References: 3

Positive Technologies
added 2025/09/16 12:0 a.m., 4 views

PT-2025-37918

Name of the Vulnerable Software and Affected Versions: Sparkle versions prior to 2.7.2 Description: The Sparkle framework’s Autoupdate tool lacks authentication for connecting clients. This allows a local, unprivileged attacker to request the installation of a crafted malicious PKG file, leading ...

CVSS 8.8, AI score 6.6, EPSS 0.00194
Exploits: 0, References: 7

Snyk
added 2025/08/14 3:31 p.m., 2 views

Malicious Package

Overview tidpz is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...

CVSS 8.6, AI score 6.9
Exploits: 0, References: 3

RedHat Linux
added 2025/07/21 2:51 p.m., 8 views

git: Git does not sanitize URLs when asking for credentials interactively

A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...

CVSS 4.7, AI score 7.2, EPSS 0.00643
Exploits: 0, References: 7

SUSE CVE
added 2025/01/16 3:53 a.m., 3 views

SUSE CVE-2024-50349

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 3.1, AI score 9.5, EPSS 0.00643
Exploits: 0, References: 13

OSV
added 2025/01/14 7:15 p.m., 1 view

ALPINE-CVE-2024-50349

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 4.7, AI score 7, EPSS 0.00643
Exploits: 0, References: 1

Vulnrichment
added 2025/01/14 6:43 p.m., 9 views

CVE-2024-50349 Git does not sanitize URLs when asking for credentials interactively

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 2.1, AI score 5.3, EPSS 0.00643
Exploits: 0, References: 3

OSV
added 2025/01/14 6:0 p.m., 2 views

UBUNTU-CVE-2024-50349

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

CVSS 4.7, AI score 6.7, EPSS 0.00643
Exploits: 0, References: 6

Citrix
added 2024/07/13 12:0 a.m., 8 views

Error: "Cannot connect to server. Try again in a few minutes" on StoreFront

End-user is unable to add Store into Receiver, unless the full Store path is appended. Example https://SF-FQDN/Citrix/; - Add Store is successful https://SF-FQDN - Add Store fails: After user gets prompted for credentials, an error message appears: "Cannot connect to server. Try again in a few...

AI score 7.1
Exploits: 0

CNVD
added 2020/02/26 12:0 a.m., 2 views

Microsoft Surface Hub Security Feature Bypass Vulnerability

Surface Hub is a smart, multi-touch, large-screen collaboration device. Surface Hub has a security feature bypass vulnerability in the input credential prompt. An attacker could exploit the vulnerability to access settings that are accessible to administrators...

CVSS 6.8, AI score 6.8, EPSS 0.00864
Exploits: 0, References: 1

Prion
added 2019/09/23 5:15 p.m., 17 views

Default credentials

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

CVSS 4, AI score 5.1, EPSS 0.01609
Exploits: 0, References: 2, Affected Software: 1

UbuntuCve
added 2019/09/23 5:15 p.m., 32 views

CVE-2019-15635

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...

CVSS 4.9, AI score 5.9, EPSS 0.01609
Exploits: 0, References: 2

OSV
added 2019/04/08 5:29 p.m., 2 views

CVE-2019-10676

An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within t...

CVSS 6.5, AI score 6.5, EPSS 0.02706
Exploits: 0, References: 4

Microsoft KB
added 2018/05/02 12:0 a.m., 4 views

March 22, 2018—KB4089848 (OS Build 16299.334)

March 22, 2018—KB4089848 OS Build 16299.334 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue with a GDI handle leak in the Windows Ribbon control. Addresses issue where user...

AI score 7.2
Exploits: 0