EUVD-2025-26731

Malicious code in bioql PyPI...

EUVD-2022-34374

Malicious code in bioql PyPI...

EUVD-2022-28550

Malicious code in bioql PyPI...

EUVD-2022-4532

Malicious code in bioql PyPI...

EUVD-2023-40553

Malicious code in bioql PyPI...

EUVD-2023-57519

Malicious code in bioql PyPI...

Plex users: Reset your password!

Media streaming platform Plex has warned customers about a data breach, advising them to reset their password. Plex said an attacker broke into one of its databases, allowing them to access a "limited subset" of customer data. This included email addresses, usernames, hashed passwords, and...

CVE-2025-23261

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users...

CVE-2025-23261

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users...

Linux Distros Unpatched Vulnerability : CVE-2019-13458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker...

PT-2025-31676 · Freshrss · Freshrss

Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.26.1 and below Description: FreshRSS is a free, self-hostable RSS aggregator. An authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain...

NewStart CGSL MAIN 7.02 : cloud-init Multiple Vulnerabilities (NS-SA-2025-0173)

The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by multiple vulnerabilities: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed...

CVE-2025-4593

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rpuserdata' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...

NewStart CGSL MAIN 7.02 : cloud-init Vulnerability (NS-SA-2025-0074)

The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by a vulnerability: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

CVE-2022-23497

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...

CVE-2021-23858

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

CVE-2020-1932

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

CVE-2018-14861

Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users...

CVE-2018-13063

Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts...