24 matches found
EUVD-2025-206663
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of the SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
CVE-2025-59093 Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 9300
Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...
CVE-2024-34715
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
EUVD-2004-2708
Malware in sbrugna...
EUVD-2013-4811
Malware in sbrugna...
EUVD-2016-7268
Malware in sbrugna...
EUVD-2018-11706
Malware in sbrugna...
EUVD-2019-6163
Malware in sbrugna...
EUVD-2003-0493
Malware in sbrugna...
EUVD-2003-0013
Malware in sbrugna...
EUVD-2023-42146
Malicious code in bioql PyPI...
GHSA-HC8F-M8G5-8362 File Browser: Command Execution not Limited to Scope
NOTE: This feature has been disabled by default for all installations from v2.33.8 onwards, including for existing installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...
CVE-2023-34097
hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are...
CVE-2004-2718
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...
CVE-2024-34715
CVE-2024-34715 affects the Fides webserver, where improper escaping of the SQLAlchemy password string can cause the database password to be partially exposed in webserver logs when the password contains characters like @ or $. This is due to insufficient escaping of the password in the connect...
PT-2023-24669 · Unknown · Hoppscotch
Name of the Vulnerable Software and Affected Versions: hoppscotch versions prior to 2023.4.5 Description: The issue concerns the exposure of the database password in system logs when the database connection string is displayed. This could allow attackers with access to system logs to elevate thei...
Gigamon GigaVUE-OS database plaintext storage redis password vulnerability
Gigamon GigaVUE-OS is an operating system for GigaVUE network devices from Gigamon, USA. A security vulnerability exists in GigaVUE-OS GVOS versions 5.4 - 5.9, which originates from Redis database passwords stored in clear text. An attacker could use this vulnerability to obtain the database...
Red Hat ovirt-engine Information Disclosure Vulnerability
Red Hat oVirt is an open source virtualization management platform from Red Hat, an open source version of RHEV Platform for Enterprise Virtualization, consisting of the oVirt-node client and the ovirt-engine management side. ovirt-engine is one of the control center components, which is capable ...
SQL Injection Vulnerability in EasyAdmin /application/index/controller/index.php Page
EasyAdmin is a free and open source community program based on the LayUI template, with a ThinkPHP5 framework for backend support. SQL injection vulnerability exists in the EasyAdmin /application/index/controller/index.php page. Attackers can construct a specific URL injection to obtain the...
CVE-2015-5959
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log...