35 matches found
CVE-2026-56765
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...
EUVD-2026-42890
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...
CVE-2025-67805
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
EUVD-2025-209164
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
CVE-2025-67805
A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...
macOS 15.x < 15.7.5 Multiple Vulnerabilities (126795)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.5. It is, therefore, affected by multiple vulnerabilities: - A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, mac...
PT-2026-25998
Summary /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cracking against leaked database hashes. Details File:...
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
CVE-2026-26333
The CVE describes an unauthenticated .NET Remoting HTTP service on TCP port 8001 in VeraSMART versions prior to 2022 R1. It exposes default ObjectURIs (e.g., EndeavorServer.rem, RemoteFileReceiver.rem) and allows SOAP/binary formatters with TypeFilterLevel set to Full. An unauthenticated attacker...
Files or Directories Accessible to External Parties
Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the AllowPathBuilder behavior accessible via the create core API. An attacker can read...
MiracleLinux 7 : ipa-4.6.8-5.17.0.1.el7.AXS7 (AXSA:2024-8141:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8141:06 advisory. ipa: user can obtain a hash of the passwords of all domain users and perform offline brute force CVE-2024-3183 Tenable has extracted the preceding descriptio...
CVE-2025-40760
A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes fo...
CVE-2018-25129
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like...
CVE-2025-14553
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...
EUVD-2025-200106
Grav Exposes Password Hashes Leading to privilege escalation...
PT-2025-48563
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack thes...
CVE-2025-64753
CVE-2025-64753 Summary : Grist-core versions prior to 1.7.7 expose the full version history and change details to users with partial read access via the /compare endpoint. Root cause: insufficient access control on document/version comparisons. Impact: disclosure of changes that may include data ...
PT-2025-44801
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...
CVE-2025-11196
The CVE-2025-11196 issue affects the WordPress External Login plugin (versions up to 1.11.2). The vulnerability is due to the exlog_test_connection AJAX action lacking capability checks or nonce validation, enabling authenticated users with subscriber-level access and above to query the external ...
EUVD-2013-7026
Malware in sbrugna...