Lucene search
K

152 matches found

NVD
NVD
added 2025/02/21 5:15 p.m.13 views

CVE-2024-45673

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user...

5.5CVSS0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 3:40 a.m.11 views

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.2CVSS7AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2025/02/10 7:15 p.m.23 views

CVE-2024-46433

A default credentials vulnerability in Tenda W18E V16.01.0.81625 allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges...

8.8CVSS0.00533EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:18 a.m.11 views

CVE-2024-20412

A vulnerability in Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded...

9.3CVSS6.8AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/24 12:0 a.m.22 views

CVE-2024-50692

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT...

0.00235EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/12/20 8:13 a.m.18 views

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the...

9.8CVSS10AI score0.42164EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/12/05 12:59 p.m.13 views

CVE-2024-51555 Force Change of Default Credentials

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02...

10CVSS7.1AI score0.00409EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 7:59 p.m.8 views

MGASA-2024-0378 Updated wget packages fix security vulnerability

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524...

6.5CVSS6.4AI score0.0111EPSS
Exploits0References3
CVE
CVE
added 2024/10/22 9:19 p.m.225 views

CVE-2024-43812

The CVE-2024-43812 issue affects Kieback&Peter DDC4000 series controllers (e.g., DDC4002, DDC4100, DDC4200, DDC4400, and their “e” variants) and is caused by insufficiently protected credentials that may allow an unauthenticated attacker with access to /etc/passwd to read password hashes. The vul...

8.6CVSS8.4AI score0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/20 11:26 a.m.36 views

CVE-2024-44000 WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8CVSS8.9AI score0.83178EPSS
Exploits7References1
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.7 views

Jenkins Plugin Credentials 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software plugin ... A security...

7.5CVSS6.8AI score0.00591EPSS
Exploits0References3
CVE
CVE
added 2024/07/30 2:35 p.m.45 views

CVE-2024-4188

CVE-2024-4188 concerns an unprotected transport of credentials in OpenText Documentum Server, affecting 16.7–23.4. The root cause is unprotected credential transmission, enabling credential stuffing scenarios as described across multiple sources. The connected PT-2024-29610 entry confirms affecte...

7.1CVSS6.6AI score0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/26 11:59 a.m.24 views

CVE-2024-41689 Hard-coded Credentials Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WP...

5.2CVSS0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.5 views

Gallagher Command Centre security breach

Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre that stems from inadequate protection of credentials...

9.1CVSS6.9AI score0.00334EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/19 11:19 a.m.12 views

CVE-2024-1344 Encrypted database credentials in LaborOfficeFree

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOFservice.exe' and 'LaborOfficeFree.exe' located in the '%programfilesx86%\LaborOfficeFree' directory. This user ca...

6.8CVSS6.6AI score0.00305EPSS
Exploits0References1
Prion
Prion
added 2024/02/14 2:15 p.m.17 views

Information disclosure

Insufficiently protected credentials in some IntelR Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access...

5CVSS6.9AI score0.00484EPSS
Exploits0References1
CVE
CVE
added 2023/10/06 4:35 p.m.55 views

CVE-2023-23370

The CVE-2023-23370 issue affects QVPN Device Client (Windows) with the root cause being insufficient protection of credentials. Versions prior to 2.1.0.0518 are vulnerable; exploitation could allow local authenticated administrators to gain access to user accounts and sensitive data via unspecifi...

6.7CVSS5.2AI score0.00154EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/06 4:35 p.m.39 views

CVE-2023-23370 QVPN Device Client

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...

6.7CVSS6.7AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/03 9:26 p.m.11 views

CVE-2022-45859

An insufficiently protected credentials vulnerability CWE-522 in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords...

4.1CVSS6.6AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/03 12:0 a.m.11 views

PT-2023-2754 · Fortinet · Fortinac-F +1

Name of the Vulnerable Software and Affected Versions: FortiNAC versions 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0, 8.7.0 FortiNAC-F version 7.2.0 Description: The issue is related to insufficient protection of registration data when handling the /etc/shadow password file, which ma...

4.4CVSS4.6AI score0.00143EPSS
Exploits0References6
Rows per page
Query Builder