25 matches found
EUVD-2026-35221
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2022-43877
Malicious code in bioql PyPI...
Improper Password Verification
org.springframework.security, spring-security-crypto is vulnerable to Improper password verification. The vulnerability is due to BCrypt's 72-character password truncation causing BCryptPasswordEncoder.matches to validate only the first 72 characters, allowing incorrect password acceptance...
Devolutions Server < 2024.3.11.0 Improper Password Reset (DEVO-2025-0002)
The version of Devolutions Server installed on the remote host is prior to 2024.3.11.0 and is, therefore, affected by an improper password reset vulnerability: - Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle us...
CVE-2022-40602
A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00ABLG.6C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator...
CVE-2024-42173 HCL MyXalytics is affected by an improper password policy implementation vulnerability
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known...
CVE-2023-38328
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password...
Moxa EDS-G512E improper password storage in backup files (CVE-2017-13701)
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in an insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. This plugin only works with...
CVE-2023-31123 effectindex/tripreporter vulnerable to improper password verification on POST `/api/v1/account/login`
effectindex/tripreporter is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of effectindex/tripreporter, e.g. subjective.report, may be affected by an improper...
SUSE: Security Advisory (SUSE-SU-2023:0126-1)
The remote host is missing an update for the...
CVE-2022-32282
An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a user's password hash will be able to use it to directly login into the account, leading to increased privileges...
Input validation
An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a user's password hash will be able to use it to directly login into the account, leading to increased privileges...
PT-2022-21204 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6; WWBN AVideo dev master commit 3f7c0364. Description: An issue exists in the login functionality due to an improper password check. This allows an attacker with a user's password hash to directly log into the account,...