Lucene search
K

318 matches found

NVD
NVD
added 2026/04/17 9:16 a.m.14 views

CVE-2025-15623

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...

9.3CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/17 8:37 a.m.5 views

CVE-2025-15623 Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...

9.3CVSS5.8AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/04/17 8:37 a.m.15 views

CVE-2025-15623

Sparx Pro Cloud Server is affected by CVE-2025-15623, where an unauthenticated user can retrieve the database password in plaintext in certain scenarios. The issue is described as exposure of private personal information and sensitive system information to an unauthorized actor, with the CVSS v4....

9.3CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/17 8:37 a.m.33 views

CVE-2025-15623 Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...

9.3CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 6:16 p.m.9 views

CVE-2026-39337

ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS0.00715EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 6:8 p.m.7 views

EUVD-2026-19835

ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS6.6AI score0.04151EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.5 views

ChurchCRM 代码注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a code injection vulnerability. This vulnerability stemmed from the $dbPassword variable not being cleaned during the installation process, which could lead to remote code execution and...

10CVSS6.4AI score0.00715EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.8 views

CVE-2025-12773

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

7.1CVSS8.4AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.7 views

CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS5.5AI score0.00415EPSS
Exploits1References4
CVE
CVE
added 2026/02/03 4:52 p.m.14 views

CVE-2020-37116

GUnet OpenEclass 1.7.3 ships with phpMyAdmin 2.10.0.2 by default, enabling remote login. If an attacker gains platform access, they can reach phpMyAdmin, upload a shell, and view the config.php to obtain the MySQL password, enabling full database compromise. The provided documents do not specify ...

8.8CVSS5.5AI score0.00415EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 3:11 a.m.8 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.5AI score0.00254EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 12:38 a.m.2 views

CVE-2025-12773 Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

7.1CVSS5.5AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 12:38 a.m.33 views

CVE-2025-12773 Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

7.1CVSS0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 12:38 a.m.5 views

EUVD-2025-206663

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

7.1CVSS5.5AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 8:50 p.m.4 views

CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...

6CVSS5.4AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/02 8:50 p.m.24 views

CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)

Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...

6CVSS0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.8 views

Subrion CMS 安全漏洞

Subrion CMS is a content management system CMS developed by the Subrion team, based on PHP. This system can be integrated into websites and supports various extension plugins. Version 4.2.1 of Subrion CMS has a security vulnerability, which stems from insufficient input validation for the dbuser,...

6.1CVSS5.6AI score0.00254EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 12:0 a.m.4 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

5.5AI score0.00254EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.10 views

PT-2026-5704

Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1 Description The installation module of Subrion CMS contains reflected cross-site scripting XSS flaws. These flaws allow attackers to execute arbitrary Javascript in the context of a user's browser. Exploitation occurs...

6.1CVSS5.4AI score0.00254EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/01/28 12:15 a.m.5 views

CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...

8CVSS5.9AI score0.00334EPSS
Exploits1References2
Rows per page
Query Builder