32 matches found
CVE-2025-58741
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...
EUVD-2024-24398
Malicious code in bioql PyPI...
CVE-2025-43485
CVE-2025-43485: In HP Poly Clariti Manager versions prior to 10.12.2, a vulnerability could allow a privileged user to retrieve credentials from log files. HP has addressed the issue in the latest software update; remediation is to upgrade to 10.12.2 or later. Documented impact focuses on confi...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to the exposure of sensitive data in active sessions. An attacker can retrieve credentials for users on the management platform by exploiting this vulnerability. Note: The maintaine...
CVE-2025-49653
CVE-2025-49653 concerns Lablup's BackendAI. The vulnerability arises from exposure of sensitive data in active sessions, enabling an attacker to retrieve credentials for users on the management platform. The affected software is BackendAI (backend.ai) and specifically involves credentials exposur...
CVE-2024-45186
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials...
CVE-2021-40655
An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the /getcfg.php page...
CVE-2020-28993
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request...
CVE-2025-22222
CVE-2025-22222 affects VMware Aria Operations and Aria Operations for Logs. An information-disclosure flaw allows a non-administrative user who knows a valid service credential ID to retrieve credentials for an outbound plugin. The issue is contextualized with related CVEs (CVE-2025-22218/22219/22...
CVE-2025-22222 VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known...
CVE-2024-2371 Information exposure vulnerability in Korenix JetI/O 6550
Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials...
Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities Google Dork: N/A Date: 25/08/2023 Exploit Author: The Security Team exploitsecurity.io Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570 Software...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
Authentication flaw
In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials...
Exploit for CVE-2018-9995
This is a Python script, getDVRCredentials.py, that exploits a vulnerability in DVR systems to obtain exposed credentials. The script is designed to target various DVR systems, including Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login. The script...
CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on...
h1-ctf: [H1-2006 2020] From multiple vulnerabilities to complete ATO on any customer account and staff admin
First of all, thanks for the awesome CTF. I enjoyed it very much : Summary The CTF was about helping HackerOne's beloved CEO, @martenmickos, to approve May bug bounty payments after he has lost his login details for BountyPay. It all started with this tweet: F860982 And as you all know, I had to...
Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments
Spraykatz is a tool without any pretension able to retrieve credentials on Windows machines and large Active Directory environments. It simply tries to procdump machines and parse dumps remotely in order to avoid detections by antivirus software as much as possible. Installation This tool is...
eWON Flexy - Authentication Bypass
#!/usr/bin/env python ''' Exploit Title: eWON v13.0 Authentication Bypass Date: 2018-10-12 Exploit Author: Photubias - tijldotDeneutatHowestdotbe for www.ic4.be Vendor Advisory: 1 https://websupport.ewon.biz/support/news/support/ewon-security-enhancement-131s0-0 2...
CVE-2018-16223
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamerapreferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password...