
12 matches found

CNNVD
added 2026/06/11 12:0 a.m., 13 views

Cerebrate Information Disclosure Vulnerability

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

CVSS 5.1, AI score 5.3, EPSS 0.00242
Exploits 0, References 1

Positive Technologies
added 2026/04/01 12:0 a.m., 4 views

PT-2026-29528

A non-default configuration in Sage DPW 2025 06 004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW...

CVSS 5.9, AI score 5.9, EPSS 0.00287
Exploits 0, References 3

Positive Technologies
added 2026/02/12 12:0 a.m., 6 views

PT-2026-7888

Name of the Vulnerable Software and Affected Versions: newbee-mall (affected versions not specified). Description: The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...

CVSS 9.3, AI score 5.4, EPSS 0.00191
Exploits 1, References 6

RedhatCVE
added 2025/11/26 12:42 a.m., 16 views

CVE-2025-64061

Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level including standard or low-privileged users, can make a GET request to this endpoint and retrieve a...

CVSS 4.3, AI score 7, EPSS 0.0019
Exploits 0, References 1

NVD
added 2025/11/19 5:15 p.m., 5 views

CVE-2025-34331

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

CVSS 8.7, EPSS 0.00462
Exploits 2, References 4

CVE
added 2025/09/22 12:0 a.m., 15 views

CVE-2025-57433

The CVE-2025-57433 entry concerns the 2wcom IP-4c device (version 2.15.5). A vulnerability in the web interface allows information disclosure via a crafted POST to /cwi/ajax_request/get_data.php. An authenticated user, even with low privileges (e.g., guest), can retrieve hashed passwords for admi...

CVSS 6.5, AI score 5.8, EPSS 0.00337
Exploits 1, References 2, Affected Software 1

OSV
added 2024/03/20 5:15 a.m., 4 views

CVE-2024-22084

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files...

CVSS 7.5, AI score 5.8, EPSS 0.00393
Exploits 0, References 1

CNNVD
added 2023/10/03 12:0 a.m., 4 views

Ibermática RPS 2019 Log Information Disclosure Vulnerability

Ibermática RPS 2019 is an ERP software from Ibermática. Ibermática RPS 2019 suffers from a log message disclosure vulnerability that originates from an attacker being able to download a log file that contains a password hash encoded using the AES-CBC-128 bit algorithm, which can be decrypted usin...

CVSS 8.2, AI score 6.7, EPSS 0.00243
Exploits 0, References 2

SUSE CVE
added 2023/02/15 4:17 a.m., 2 views

SUSE CVE-2019-3700

yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger...

CVSS 5.1, AI score 7, EPSS 0.00107
Exploits 0, References 4

OSV
added 2022/03/22 12:15 a.m., 4 views

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

CVSS 7.8, AI score 5.8, EPSS 0.00185
Exploits 0, References 1

BDU FSTEC
added 2017/11/03 12:0 a.m., 7 views

The vulnerability of the Windows operating system’s network authentication protocol, NT LAN Manager (NTLM), allows a hacker to access user password hashes.

The vulnerability of the Windows operating system’s Network Authentication Protocol NTLM exists due to the incorrect implementation of the NTLM authentication algorithm. Exploiting this vulnerability allows a malicious actor to obtain access to user password hashes through a specially crafted SCF...

CVSS 8.5, AI score 5.5
Exploits 0, References 5

ATTACKERKB
added 2009/01/22 4:30 p.m., 1 view

CVE-2009-0250

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password...

CVSS 5, AI score 5.4, EPSS 0.06282
Exploits 0, References 6