362 matches found
CVE-2014-5457
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password...
Updated pam packages fix security vulnerability
libpam vulnerable to leaking hashed passwords. CVE-2024-10041...
MGASA-2025-0149 Updated pam packages fix security vulnerability
libpam vulnerable to leaking hashed passwords. CVE-2024-10041...
CVE-2025-32044
CVE-2025-32044 affects Moodle via unauthenticated access to sensitive user data exposed through stack traces returned by specific REST API calls. Sites are affected when PHP is configured with zend.exception_ignore_args != 1 (sites with zend.exception_ignore_args = 1 are not affected). The CVE entry notes...
CVE-2025-30654
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific...
CVE-2025-30654
CVE-2025-30654 affects Junos OS and Junos OS Evolved. A local, low-privileged attacker with CLI access can exploit the UI via a specific show mgd command to view sensitive information, including password hashes. Affected versions include Junos OS pre-21.4R3-S10, 22.2 before 22.2R3-S5, 22.4 before...
CVE-2025-30654 Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific...
Linux Distros Unpatched Vulnerability : CVE-2016-2379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of clie...
CVE-2024-13525
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...
CVE-2024-13525
CVE-2024-13525 affects Customer Email Verification for WooCommerce (WordPress) up to version 2.9.4. An authenticated attacker with Contributor+ can exfiltrate emails and hashed passwords via Shortcode. Remediation: update to a version higher than 2.9.4 (patch available).
CVE-2024-13525 Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...
VulnCheck KEV: CVE-2024-57727
SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords...
Gradle Security Vulnerability
Gradle is a set of JVM-based project building tools from Gradle, Inc. that supports maven, Ivy repositories, and more. A security vulnerability exists in Gradle Develocity versions prior to 2024.3.1, which stems from a vulnerability that allows an attacker with network access privileges to obtain...
WordPress plugin Moving Users Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
Pam: libpam: libpam vulnerable to read hashed password
...
CVE-2024-10548
The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2024-16361 · WordPress · Wp Project Manager
Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress versions prior to 2.6.16 Description: The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including hashed passwords of project owners, via the...
pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...