
889 matches found

Cvelist
added 2026/01/20 9:37 p.m. | 16 views

CVE-2025-58743 Insecure Encryption Algorithms Enable Brute-Force Database Credential Access in Milner ImageDirector Capture

Use of a Broken or Risky Cryptographic Algorithm DES vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808...

7.2 CVSS | 0.00071 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/20 9:36 p.m. | 7 views

CVE-2025-58741

The CVE-2025-58741 entry concerns Milner ImageDirector Capture. Affected product/versions: ImageDirector Capture 7.0.9 through 7.6.3.25808. Issue: Insufficiently Protected Credentials vulnerability in the Credential Field allows retrieval of credential material and enables database access. Impact...

8.5 CVSS | 5.4 AI score | 0.00169 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/01/20 9:36 p.m. | 13 views

CVE-2025-58741 Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

8.5 CVSS | 0.00169 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/20 9:36 p.m. | 9 views

CVE-2025-58740

The vulnerability CVE-2025-58740 affects Milner ImageDirector Capture on Windows, where a hard-coded encryption key is used in C2SGlobalSettings.dll Password function. This allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. Affected versi...

8.5 CVSS | 5.4 AI score | 0.00065 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/01/20 9:36 p.m. | 2 views

CVE-2025-58740

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

8.5 CVSS | 5.4 AI score | 0.00065 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/20 9:36 p.m. | 19 views

CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

8.5 CVSS | 0.00065 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/20 9:36 p.m. | 2 views

CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

8.5 CVSS | 5.4 AI score | 0.00065 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/20 6:25 a.m. | 21 views

CVE-2026-1221

CVE-2026-1221 concerns the PrismX MX100 AP controller from Browan Communications. Multiple connected sources confirm a vulnerability described as the use of hard-coded credentials stored in firmware, enabling unauthenticated remote login to the database. Reported impact is high on confidentiality...

9.8 CVSS | 5.5 AI score | 0.00436 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/01/20 6:25 a.m. | 17 views

CVE-2026-1221 BROWAN COMMUNICATIONS | PrismX MX100 AP controller - Use of Hard-coded Credentials

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to the database using hardcoded database credentials stored in the firmware...

9.8 CVSS | 0.00436 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/20 12:0 a.m. | 4 views

PT-2026-3665

Name of the Vulnerable Software and Affected Versions: Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808. Description: The software uses a hard-coded encryption key within the Password function in C2SGlobalSettings.dll on Windows. A local attacker can exploit this to decrypt database...

8.5 CVSS | 5.5 AI score | 0.00065 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/01/20 12:0 a.m. | 3 views

Milner ImageDirector Capture security vulnerability

Milner ImageDirector Capture is a document collection and digital asset management software developed by the American company Milner. Versions of Milner ImageDirector Capture from 7.0.9.0 to 7.6.3.25808 contained security vulnerabilities. These vulnerabilities were due to the use of defective or...

7.5 CVSS | 5.8 AI score | 0.00071 EPSS
Exploits: 0 | References: 1

VulnCheck KEV
added 2026/01/18 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2025-69200

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...

7.5 CVSS | 5.8 AI score | 0.02005 EPSS
In wild | Exploits: 1 | References: 30

RedhatCVE
added 2026/01/15 6:22 a.m. | 9 views

CVE-2025-14615

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...

7.1 CVSS | 6.4 AI score | 0.00132 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/14 5:28 a.m. | 21 views

CVE-2025-14615

CVE-2025-14615 affects the DASHBOARD BUILDER – WordPress plugin for Charts and Graphs (versions ≤ 1.5.7). Wordfence and other sources confirm a CSRF flaw due to missing nonce validation in dashboardbuilder-admin.php, enabling unauthenticated attackers to forge requests that alter the stored SQL q...

7.1 CVSS | 6 AI score | 0.00132 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 12:37 p.m. | 2 views

CVE-2023-50894

In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information...

8.8 CVSS | 6.9 AI score | 0.00424 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2026/01/07 12:0 a.m. | 3 views

phpMyFAQ Improper Authorization Vulnerability (GHSA-9cg9-4h4f-j6fg)

phpMyFAQ is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq";...

7.5 CVSS | 7 AI score | 0.02005 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/30 3:54 p.m. | 3 views

CVE-2025-69200

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...

7.5 CVSS | 6.5 AI score | 0.02005 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/12/30 3:31 p.m. | 4 views

EUVD-2025-205600

phpMyFAQ has unauthenticated config backup download via /api/setup/backup...

7.5 CVSS | 6.6 AI score | 0.02005 EPSS
Exploits: 1 | References: 3

Snyk
added 2025/12/30 3:31 p.m. | 2 views

Information Exposure

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Information Exposure via the backup process. An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST...

8.7 CVSS | 6.2 AI score | 0.02005 EPSS
Exploits: 1 | References: 2

OSV
added 2025/12/30 3:31 p.m. | 3 views

GHSA-9CG9-4H4F-J6FG phpMyFAQ has unauthenticated config backup download via /api/setup/backup

Summary: An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files e.g., database.php with database credentials, leading to...

7.5 CVSS | 6.7 AI score | 0.02005 EPSS
Exploits: 1 | References: 4