Lucene search
K

73 matches found

Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.3 views

PT-2025-27772

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue involves several credentials for the local PostgreSQL database being stored in plain text, with some partially base64 encoded. Recommendations: At the moment, there is no...

6.8CVSS5.4AI score0.00337EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/05/22 9:25 p.m.6 views

CVE-2021-38938

IBM Host Access Transformation Services HATS 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 210989...

6.2CVSS6.1AI score0.00166EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/05/22 5:43 p.m.7 views

CVE-2025-30172 Admin Authorized Remote Code Execution

Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

8.9CVSS8.4AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:19 a.m.11 views

CVE-2017-8225

On Wireless IP Camera P2P WIFICAM devices, access to .ini files containing credentials is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI...

9.8CVSS7.1AI score0.18005EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 a.m.8 views

CVE-2019-10467

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.00852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:44 a.m.6 views

CVE-2018-11544

The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/sharedprefs/com.theolivetree.ftpserverpreferences.xml file as the prefUsername and prefUserpass strings...

9.8CVSS6.9AI score0.01527EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/08 12:0 a.m.28 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

4.8CVSS0.00337EPSS
Exploits0References4
OSV
OSV
added 2025/05/05 4:13 p.m.9 views

GO-2025-3645 Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes

Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes...

8.1CVSS6.7AI score0.01492EPSS
Exploits0References3
NVD
NVD
added 2025/03/14 3:15 p.m.21 views

CVE-2024-45638

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user...

4.4CVSS0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/15 12:0 a.m.13 views

CVE-2025-26793

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

10CVSS0.02303EPSS
Exploits0References3
NVD
NVD
added 2025/01/26 4:15 p.m.27 views

CVE-2023-50945

IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user...

6.2CVSS0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/15 12:0 a.m.11 views

CVE-2024-48121

The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack...

0.00214EPSS
Exploits0References1
CVE
CVE
added 2024/12/06 6:13 p.m.70 views

CVE-2024-45722

CVE-2024-45722 affects Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x, where a weak credential mechanism could allow attackers to easily calculate MQTT credentials and access the MQTT broker. Connected sources confirm exposure related to device serial numbers and potential MQTT ...

8.7CVSS7.5AI score0.00474EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/30 6:7 a.m.3 views

Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials

Overview Multiple network cameras provided by Hangzhou Hikvision Digital Technology Co., Ltd. support two Dynamic DNS services, DynDNS and NO-IP.The user can select which to use on the GUI configuration page. Both the services provide their APIs accessible via HTTP and HTTPS, but old firmware...

6.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/10/28 12:0 a.m.9 views

KRB5 Authorization

This script allows users to enter the information required to authorize and login via KRB5. These data are used by tests that require authentication. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/13 5:26 p.m.18 views

CVE-2024-38285 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools...

7CVSS7AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2024/02/27 6:31 p.m.5 views

EUVD-2024-17158

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

10CVSS9.6AI score0.03272EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/05/10 1:17 p.m.16 views

CVE-2022-40685

Insufficiently protected credentials in the IntelR DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access...

6.5CVSS6.2AI score0.00526EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/25 6:43 p.m.8 views

CVE-2023-28088

An HPE OneView appliance dump may expose SAN switch administrative credentials...

7.7AI score0.00172EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/24 10:0 p.m.17 views

Jenkins Artifactory Plugin missing permission check

Jenkins Artifactory Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

4.3CVSS6.5AI score0.01825EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder