333 matches found
CVE-2026-41879
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
CVE-2026-13483
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
CVE-2026-13483
The CVE affects arc53 DocsGPT (up to 0.18.0). The vulnerability lies in the Credential Storage component, specifically the encrypt_credentials function in application/security/encryption.py, causing insufficient verification of data authenticity. Exploitation is possible remotely with high attack...
PT-2026-53095
Name of the Vulnerable Software and Affected Versions arc53 DocsGPT versions prior to 0.18.1 Description An issue exists in the Credential Storage component within the encrypt credentials function of the application/security/encryption.py file. This flaw leads to insufficient verification of data...
CVE-2026-9650
CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the devic...
PT-2026-50493
Name of the Vulnerable Software and Affected Versions @mariozechner/pi-coding-agent versions 0.28.0 through 0.73.1 @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 Description A race condition in the file write path of the credential storage implementation allows the auth.json file,...
DEBIAN-CVE-2026-1836
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...
Security Bulletin: IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.
Summary IBM Security QRadar EDR Software is affected by a vulnerability where user credentials are stored in plain text, which could allow a local privileged user to access sensitive credential information. This vulnerability has been addressed in version 3.12.25. Vulnerability Details...
Amazon::Credentials 安全特征问题漏洞
Amazon::Credentials is a credential management library developed by BIGFOOT developers, used for managing access keys and authentication information for cloud services. Versions of Amazon::Credentials prior to 1.2.0 had security vulnerabilities. These vulnerabilities stemmed from the use of the...
EUVD-2026-23746
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...
CVE-2026-6597
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function removeapikeys/hasapiterms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...
Cross-site Request Forgery (CSRF)
Overview apache-airflow-providers-keycloak is a Provider package apache-airflow-providers-keycloak for Apache Airflow Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the login authentication process due to missing generation and validation of the OAuth 2.0...
CVE-2025-15622
The CVE-2025-15622 vectors/auth flow involve Sparx Systems Pty Ltd. Sparx Enterprise Architect desktop client exposing a plaintext OAuth2 client secret, which the client decodes and uses to exchange for access and ID tokens in the OpenID authentication flow. This is described as an Insufficiently...
CVE-2026-4242
A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of the component app.babychakra.babychakra. Performing a manipulation of the argument SEGMENTWRITEKE...
CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
EUVD-2026-12655
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2026-32842 Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
PT-2026-25948
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...