Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2025/10/06 7:1 a.m.3 views

CVE-2025-58584 Plain Text Transmission of Username and Password in the URL

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally...

5.3CVSS6.4AI score0.00363EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.9 views

PT-2025-40864

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The username and password are sent directly in the URL as parameters within HTTP requests. This practice poses a significant risk of sensitive data disclosure, as URLs may be stored in server logs,...

5.3CVSS6.3AI score0.00363EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2025/08/06 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2025-1848)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.2AI score0.0111EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.1 views

SUSE CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...

5.5CVSS6.8AI score0.00417EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2021/10/29 12:0 a.m.4 views

The vulnerability of the software for interacting with servers via CURL, related to the disclosure of information, allows attackers to gain access to confidential data.

The vulnerability of the software for interacting with servers via CURL is related to the absence of a mechanism for deleting user credentials from the URL. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data...

5.3CVSS6.6AI score0.05301EPSS
Exploits1References14Affected Software7
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

CVE-2017-7762

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...

7.5CVSS7.3AI score0.01945EPSS
Exploits1References6
Rows per page
Query Builder