889 matches found
CVE-2023-52286
Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/getdbinfo request, a related issue to CVE-2023-42387...
CVE-2023-28630
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...
CVE-2023-2514
Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization...
CVE-2021-25275
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login...
CVE-2021-39458
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a valid file backup. This leads to leaking the database credentials in the environment variables...
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
CVE-2014-3848
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...
CVE-2019-3947
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server...
CVE-2018-15808
POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients...
CVE-2013-0260
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...
CVE-2005-2029
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file...
CVE-2002-1886
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...
CVE-2025-3103
The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for...
CVE-2025-24375
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling SQL DDL or Python-based mysql-shell scripts can leak database users' credentials. The method by which mysql-operator calls the mysql-shell application relies on writing to a temporary...
CVE-2024-13911
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level acces...
CVE-2024-13911
CVE-2024-13911 affects the WordPress plugin Database Backup and check Tables Automated With Scheduler 2024 (
U.S. Dept Of Defense: Exposure of Sensitive Debug File Containing database dump with passwords in plain text
A publicly accessible debug file was discovered, exposing sensitive database credentials including usernames and passwords in plaintext. The file contained information such as the database name, type, and server...
The vulnerability of the software products of the LLC “NPO ‘MIR’”, related to the use of weak protection for database data, allows attackers to disclose the protected information.
The vulnerability of the software products developed by LLC “NPO ‘MIR’” lies in the use of weak protection for database credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose the protected information...
Security update for SUSE Manager Client Tools MU 5.0.3
This update fixes the following issues: spacecmd was updated to version 5.0.11-0: Updated translation strings. uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0. Security issues fixed: CVE-2024-22037: Use podman secret to store the database credentials (bsc1231497). Other changes and bugs...
Security update for SUSE Manager Client Tools
This update fixes the following issues: spacecmd was updated to version 5.0.11-0: Updated translation strings. uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0. Security issues fixed: CVE-2024-22037: Use podman secret to store the database credentials (bsc1231497). Other changes and bugs...