43 matches found
mysql: Fix of CVE-2019-2627
CVE-2019-2627: fix crash when mysql.user table has missing password column...
CLSA-2026-1776937700 mysql: Fix of CVE-2019-2627
CVE-2019-2627: fix crash when mysql.user table has missing password column...
Duplicate Advisory: OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-qvr7-g57c-mrc7. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and...
CVE-2026-24038
Horilla HRMS has a 2FA bypass in version 1.4.0 due to a flawed OTP equality check: when OTP expires, the server returns None and omitting the otp field makes user_otp == otp pass, bypassing 2FA. Administrative accounts risk data compromise; fixed in version 1.5.0. Remediation: upgrade to 1.5.0 or...
CVE-1999-0502
A Unix account has a default, null, blank, or missing password...
CVE-2025-12285
Missing Initial Password Change. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12285 Missing Initial Password Change
Missing Initial Password Change. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2024-32918
Malicious code in bioql PyPI...
SUSE SLES12 Security Update : cups (SUSE-SU-2025:03178-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03178-1 advisory. - CVE-2025-58060: no password check when AuthType is set to anything but Basic and a request is made with an Authorization: Basic header...
Missing Password Field Masking
Overview: Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...
Brute Force
Overview: Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation: Upgrade...
Brute Force
Overview: Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation: Upgrade...
FreeScout Security Bypass Vulnerability (CNVD-2025-20780)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability caused by a failure to check for missing password fields in data from users. An attacker could exploit the...
CVE-2025-4526
CVE-2025-4526 affects Dígitro NGC Explorer 3.44.15, specifically the Configuration Page. The issue is that the password field is not masked, exposing passwords in the UI. The vulnerability can be initiated remotely, per multiple sources, with vendor contact noted but no response. Impact is descri...
CVE-2025-2277
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak his SSH password due to missing password masking...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. that provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and earlier, which stems from a missing password mask in the web-based SSH...
Missing Password Field Masking
Overview: Affected versions of this package are vulnerable to Missing Password Field Masking which allows an unauthenticated user to conduct a disclosure of information. Remediation: Upgrade io.jenkins.plugins:zoom to version 1.6 or higher. References: GitHub Commit, Zoom Security Bulletin...
Zoom Jenkins Marketplace plugin Security Vulnerability
Zoom Jenkins Marketplace plugin is a plugin from Zoom USA. The Zoom Jenkins Marketplace plugin suffers from an information disclosure vulnerability that stems from a missing password field mask. An attacker can exploit this vulnerability to disclose sensitive information...
CVE-2024-10122 Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the...
CVE-2024-10122
CVE-2024-10122 affects Topdata Inner Rep Plus WebServer 2.01, specifically the Operator Details Form’s /InnerRepPlus.html function. Connected PT-2024-16045 confirms a vulnerability due to missing password field masking, enabling remote attacks. Vendor response unavailable. Practical impact stated...