318 matches found
CVE-2025-15623
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...
CVE-2025-15623 Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...
CVE-2025-15623
Sparx Pro Cloud Server is affected by CVE-2025-15623, where an unauthenticated user can retrieve the database password in plaintext in certain scenarios. The issue is described as exposure of private personal information and sensitive system information to an unauthorized actor, with the CVSS v4....
CVE-2025-15623 Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...
CVE-2026-39337
ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
EUVD-2026-19835
ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
ChurchCRM 代码注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a code injection vulnerability. This vulnerability stemmed from the $dbPassword variable not being cleaned during the installation process, which could lead to remote code execution and...
CVE-2025-12773
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
CVE-2020-37116
GUnet OpenEclass 1.7.3 ships with phpMyAdmin 2.10.0.2 by default, enabling remote login. If an attacker gains platform access, they can reach phpMyAdmin, upload a shell, and view the config.php to obtain the MySQL password, enabling full database compromise. The provided documents do not specify ...
CVE-2025-70958
Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...
CVE-2025-12773 Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
CVE-2025-12773 Plain password is generated in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
EUVD-2025-206663
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...
CVE-2025-12680 Brocade SANnav DataBase plaintext password is logged in failover logs (CVE-2025-12680)
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the databa...
Subrion CMS 安全漏洞
Subrion CMS is a content management system CMS developed by the Subrion team, based on PHP. This system can be integrated into websites and supports various extension plugins. Version 4.2.1 of Subrion CMS has a security vulnerability, which stems from insufficient input validation for the dbuser,...
CVE-2025-70958
Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...
PT-2026-5704
Name of the Vulnerable Software and Affected Versions Subrion CMS version 4.2.1 Description The installation module of Subrion CMS contains reflected cross-site scripting XSS flaws. These flaws allow attackers to execute arbitrary Javascript in the context of a user's browser. Exploitation occurs...
CVE-2026-24840 Dokploy uses hardcoded credentials in installation script, which could result in database access
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a hardcoded credential in the provided installation script located at https://dokploy.com/install.sh, line 154 uses a hardcoded password when creating the database container. This means that nearly all Dokpl...