AstraLinux
added 2026/05/03 11:59 p.m. | 7 views

Astra Linux – Vulnerability in the 389-DS-base

A flaw has been discovered in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker who can view the screen or record the terminal’s standard error outpu...

CVSS 4.6 | AI score 6.1 | EPSS 0.00396
Exploits 0 | References 1
RedhatCVE
added 2026/01/27 3:23 p.m. | 5 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVSS 7 | AI score 5.9 | EPSS 0.00097
Exploits 0 | References 1
NVD
added 2026/01/26 10:16 a.m. | 5 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVSS 7 | EPSS 0.00097
Exploits 0 | References 3
CVE
added 2026/01/26 10:6 a.m. | 10 views

CVE-2025-59105

CVE-2025-59105 describes unencrypted flash storage in the dormakaba access manager. With physical access and time, an attacker can desolder, modify, and reflash memory, enabling read/write of critical data (e.g., /etc/passwd, stored certificates, cryptographic keys, PINs) and potentially gain SSH...

CVSS 7 | AI score 5.9 | EPSS 0.00097
Exploits 0 | References 3
EUVD
added 2026/01/26 10:6 a.m. | 5 views

EUVD-2025-206374

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVSS 7 | AI score 5.9 | EPSS 0.00097
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-2236

Malware in sbrugna...

CVSS 4.6 | AI score 5.8 | EPSS 0.00396
Exploits 0 | References 8
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-20517

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.4 | EPSS 0.0019
Exploits 0 | References 1
Cvelist
added 2025/09/22 12:0 a.m. | 7 views

CVE-2025-57433

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint /cwi/ajaxrequest/getdata.php, an authenticated attacker even with a low-privileged account like guest can retrieve the hashed passwords for the...

EPSS 0.00337
Exploits 1 | References 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-10224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive...

CVSS 4.6 | AI score 6.4 | EPSS 0.00396
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 12:17 a.m. | 7 views

CVE-2022-45384

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.8 | EPSS 0.00649
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 4:4 p.m. | 4 views

CVE-2020-9337

In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...

CVSS 6.5 | AI score 6.9 | EPSS 0.00541
Exploits 0 | References 1
CVE
added 2025/01/29 1:22 a.m. | 59 views

CVE-2023-33838

CVE-2023-33838 affects IBM Security Verify Governance 10.0.2 Identity Manager. The issue is that the product uses a one-way cryptographic hash on inputs that should not be reversible (e.g., passwords) without applying a salt, increasing exposure of hashed values. The connected IBM bulletin confir...

CVSS 4.9 | AI score 4.7 | EPSS 0.00221
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2024/05/03 3:16 a.m. | 3 views

CVE-2023-51574

Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. T...

CVSS 9.8 | AI score 5.8 | EPSS 0.01553
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2024/05/03 12:0 a.m. | 5 views

Voltronic Power ViewPower security vulnerability

Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A security bypass vulnerability exists in Voltronic Power ViewPower that stems from a specific flaw in the updateManagerPassword method, which can be exploited by an attacker to bypass...

CVSS 9.8 | AI score 6.8 | EPSS 0.01553
Exploits 0 | References 2
OSV
added 2024/04/01 10:15 p.m. | 3 views

CVE-2023-51573

Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...

CVSS 9.8 | AI score 7.4 | EPSS 0.45744
Exploits 0 | References 1
BDU FSTEC
added 2024/01/11 12:0 a.m. | 5 views

The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro allows an intruder to bypass the authentication process and gain unauthorized access to the software.

The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication...

CVSS 10 | AI score 7.7 | EPSS 0.45744
Exploits 0 | References 5
BDU FSTEC
added 2024/01/11 12:0 a.m. | 4 views

The vulnerability of the `updateManagerPassword` method in the software for managing power supply sources of Voltronic Power ViewPower allows a perpetrator to bypass the authentication process and gain unauthorized access to the software.

The vulnerability of the updateManagerPassword method in the software for managing power supply sources of Voltronic Power ViewPower is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication...

CVSS 10 | AI score 7.7 | EPSS 0.01553
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 4:13 a.m. | 1 views

SUSE CVE-2019-10224

A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could...

CVSS 4.6 | AI score 7 | EPSS 0.00396
Exploits 0 | References 3
OSV
added 2022/11/16 12:0 p.m. | 27 views

GHSA-WCJJ-QM5V-J4PC Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords

Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.6 | EPSS 0.00649
Exploits 0 | References 4
Vulnrichment
added 2022/11/15 12:0 a.m. | 10 views

CVE-2022-45384

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

AI score 6.8 | EPSS 0.00649
Exploits 0 | References 2