CVE-2026-31282
Totara LMS versions up to 19.1.5 are affected by an Incorrect Access Control issue on the login page, where the login form can be revealed by manipulating the login page code. This can be combined with missing rate limiting on the login form to enable brute-force attacks. Documents confir...
Advantech ADAM-5630 Weak Encoding For Password (CVE-2024-34542)
Advantech ADAM-5630 transmits user credentials in plaintext between the device and the user's source device during the login process. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. © Tenable, Inc...
CVE-2025-70963
Gophish <= 0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user's long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...
GoPhish Security Vulnerability
GoPhish is an open-source phishing framework developed by GoPhish. GoPhish versions 0.12.1 and earlier contain security vulnerabilities that stem from improper access control. In these versions, the management panel exposes the user's long-term API keys directly in...
EUVD-2020-30836
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...
EUVD-2021-22727
Malware in sbrugna...
EUVD-2024-42147
Malicious code in bioql PyPI...
CVE-2025-11155
The credentials required to access the device's web server are sent base64-encoded within the HTTP headers. Since base64 is an encoding rather than encryption, an attacker who intercepts the web request handling the login can decode it and obtain the credentials...
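The point the CVE-2025-11155 entry makes, that a base64 token in a header is recoverable by anyone who sees the request, is easiest to see on a captured request. The following is an added example, not code from the advisory or the vendor; the request text, host, path and credentials are constructed for illustration, and the header format assumed is HTTP Basic authentication, which is the usual way credentials end up base64-encoded in a header.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Constructed sample of an intercepted login request. The host, path and
# credentials are made up for illustration; nothing here comes from the
# device described in CVE-2025-11155.
SAMPLE_REQUEST = (
    "GET /login.cgi HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "Authorization: Basic YWRtaW46czNjcjN0cGFzcw==\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "\r\n"
)

# Matches an HTTP Basic Authorization header and captures its base64 token.
_BASIC_AUTH_RE = re.compile(
    r"^Authorization:\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*$", re.IGNORECASE
)


def decode_basic_credentials(token: str) -> Optional[Tuple[str, str]]:
    """Recover (username, password) from a base64 Basic-auth token.

    No key is involved: base64 is a reversible encoding, so anyone holding
    the header can do this. Returns None if the token is not valid base64
    or does not contain the 'user:password' separator.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    if ":" not in text:
        return None
    username, password = text.split(":", 1)  # RFC 7617: password may contain ':'
    return username, password


def find_basic_credentials(raw_request: str) -> List[Tuple[str, str]]:
    """Scan the header block of a captured HTTP request for Basic credentials."""
    headers, _, _body = raw_request.partition("\r\n\r\n")
    found: List[Tuple[str, str]] = []
    for line in headers.split("\r\n"):
        match = _BASIC_AUTH_RE.match(line)
        if match is None:
            continue
        creds = decode_basic_credentials(match.group(1))
        if creds is not None:
            found.append(creds)
    return found


if __name__ == "__main__":
    for user, pw in find_basic_credentials(SAMPLE_REQUEST):
        print(f"cleartext-equivalent credentials on the wire: {user!r} / {pw!r}")
```

The same scan run over a passive capture of device traffic is the check a practitioner would use to confirm this class of finding; the fix on the device side is to serve the login over TLS, since no choice of encoding makes the header safe on a plaintext channel.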
PT-2025-36560
Name of the Vulnerable Software and Affected Versions: SAP Business One (affected versions not specified). Description: A flaw exists in the SLD backend service of SAP Business One when a user logs in via the native client. The service fails to enforce proper encryption of certain APIs, leading to t...
PT-2024-15967 · WordPress · Rover Idx Plugin
Name of the Vulnerable Software and Affected Versions: Rover IDX plugin for WordPress, versions up to and including 3.0.0.2905. Description: The issue arises from insufficient validation and a missing capability check on the rover idx refresh social callback function, allowing authenticated attackers with...
PT-2023-3379 · Siemens · Cp-8050 Master Module +1
Name of the Vulnerable Software and Affected Versions: CP-8031 MASTER MODULE versions prior to CPCI85 V05; CP-8050 MASTER MODULE versions prior to CPCI85 V05. Description: A vulnerability has been identified that involves an exposed UART console login interface. This issue could allow an attacker...
PT-2023-12997 · Entab Erp · Entab Erp
Name of the Vulnerable Software and Affected Versions: ENTAB ERP version 1.0. Description: The issue allows attackers to discover users' full names via a brute-force attack by trying a series of student usernames, such as s10000 through s20000, due to the lack of rate limiting. Recommendations: Fo...
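Both the Totara LMS entry (CVE-2026-31282) and the ENTAB ERP entry above come down to the same missing control: a login endpoint that answers an unlimited number of attempts, so that sequential usernames can be walked through. The following is an added example, not code from either product or advisory. It assumes a leaky handler that answers differently for unknown users and wrong passwords (the mechanism by which ENTAB leaked full names is not described in the entry, so this is an illustrative assumption), and puts beside it a handler with a sliding-window limiter per client and a single failure message. The user directory, names, passwords and client addresses are constructed.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Tuple

# Constructed user directory for the demonstration; the usernames follow the
# sNNNNN pattern mentioned in the ENTAB advisory but the people are made up.
UserRecord = Tuple[str, bytes, bytes]  # (full name, salt, pbkdf2 digest)


def _make_record(full_name: str, password: str) -> UserRecord:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return full_name, salt, digest


USERS: Dict[str, UserRecord] = {
    "s10001": _make_record("Alice Example", "correct horse"),
    "s10007": _make_record("Bob Example", "battery staple"),
}
# Verified for unknown usernames so that a miss costs the same as a hit.
_DUMMY_RECORD = _make_record("", "no-such-user")


def _verify(record: UserRecord, password: str) -> bool:
    _, salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def vulnerable_login(username: str, password: str) -> str:
    """Assumed leaky handler: the response reveals whether the account exists
    and, for existing accounts, the full name; nothing throttles callers."""
    if username not in USERS:
        return "error: unknown user"
    record = USERS[username]
    if not _verify(record, password):
        return f"error: wrong password for {record[0]}"
    return f"ok: {record[0]}"


class LoginRateLimiter:
    """Sliding-window limiter: at most max_attempts per window_seconds per key
    (here the client IP; in practice key on IP and on username as well)."""

    def __init__(self, max_attempts: int, window_seconds: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_attempts = max_attempts
        self.window_seconds = window_seconds
        self.clock = clock
        self._attempts: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        window = self._attempts[key]
        while window and now - window[0] >= self.window_seconds:
            window.popleft()  # expire attempts older than the window
        if len(window) >= self.max_attempts:
            return False
        window.append(now)
        return True


def hardened_login(limiter: LoginRateLimiter, client_ip: str,
                   username: str, password: str) -> str:
    """Throttled handler with one failure message for every failure cause."""
    if not limiter.allow(client_ip):
        return "error: too many attempts, try again later"
    record = USERS.get(username, _DUMMY_RECORD)
    if not (_verify(record, password) and username in USERS):
        return "error: invalid username or password"
    return f"ok: {record[0]}"


class FakeClock:
    """Deterministic clock so the limiter can be exercised without sleeping."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


if __name__ == "__main__":
    probes = [f"s{n}" for n in range(10000, 10021)]   # s10000 .. s10020
    leaked = [vulnerable_login(u, "guess") for u in probes]
    print("vulnerable handler leaked:", [r for r in leaked if "wrong password" in r])
    limiter = LoginRateLimiter(max_attempts=5, window_seconds=60.0, clock=FakeClock())
    throttled = [hardened_login(limiter, "198.51.100.7", u, "guess") for u in probes]
    print("hardened handler distinct responses:", sorted(set(throttled)))
```

Running the probe loop against `vulnerable_login` recovers both full names from the responses; against `hardened_login` the first five attempts all get the same message and everything after that is refused until the window expires. A per-IP limit alone is bypassed by a distributed attacker, which is why production deployments also limit per username and add a delay or CAPTCHA step; the single failure message is what removes the enumeration oracle itself.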
Multiple AutomationDirect Products Security Vulnerability
AutomationDirect C-more EA9 HMI and other products are made by AutomationDirect, Inc. AutomationDirect C-more EA9 HMI is a series of touch screen panels. AutomationDirect DirectLOGIC is a programmable logic controller. AutomationDirect SIO-MB04RTDS is a programmable logic controller. A security vulnerability exists...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an information disclosure vulnerability that stems from banner theme data being publicly available on a website that requires a login. The following...
ROS-2-2197
2.2197 Multiple vulnerabilities in Moodle (CVE-2021-32472 - CVE-2021-32478). 1. Vulnerability Description: CVE-2021-32478: A vulnerability exists due to insufficient sanitization of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
CVE-2020-35934
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object, including all metadata, upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have, e.g.,...
WAGO e!COCKPIT Encryption Problem Vulnerability
WAGO e!COCKPIT is a set of integrated development environment software from the German company WAGO. The software is mainly used for hardware configuration, programming and simulation. WAGO e!COCKPIT suffers from a cryptographic issue that can be exploited by an attacker to recover the password o...
CVE-2017-15290
Mirasys Video Management System VMS 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality...
MGASA-2015-0486 Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists from wikitext when MediaWiki is configured with a non-standard configuration ($wgArticlePath='$1') (CVE-2015-8622). In MediaWiki before 1.23.12, tokens were being compared as strings, whic...
X10media Mp3 Search Engine <= 1.6 - Remote File Disclosure Vulnerability
No description provided by source. THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability. Found by: THUNDER (t4hathotmail.fr). Dork: This search engine is in no way intended for illegal downloads. File: Download.php...