Intelbras WIN 300/WRN 342 - Credentials Disclosure

Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code. id: CVE-2021-3017 info: name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description:...

EUVD-2026-31417

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or...

CVE-2025-13997

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

CVE-2023-49261

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

CVE-2016-10512

MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext...

CVE-2019-16313

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

CVE-2025-61431

A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...

PT-2025-45036

Name of the Vulnerable Software and Affected Versions Zucchetti ZMaintenance Infinity versions prior to 4.2 Zucchetti ZMaintenance Infinity Zucchetti version 4.1 Description A reflected cross-site scripting XSS issue exists in the /jsp/gsfr feditorHTML.jsp API endpoint of the software. This allow...

CVE-2025-52180

Summary: CVE-2025-52180 is a cross-site scripting (XSS) flaw in Zucchetti Ad Hoc Infinity 4.2 and earlier. The issue arises from an unvalidated pHtmlSource parameter at the endpoint /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource, enabling remote, unauthenticated attackers to inject arbitrary JavaScrip...

CVE-2025-52179

Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...

EUVD-2001-1098

Malware in sbrugna...

EUVD-2007-6666

Malware in sbrugna...

EUVD-2020-29844

Malware in sbrugna...

EUVD-2014-2403

Malware in sbrugna...

EUVD-2014-4239

Malware in sbrugna...

EUVD-2013-6489

Malware in sbrugna...

EUVD-2008-1529

Malware in sbrugna...

EUVD-2015-4237

Malware in sbrugna...