57 matches found
Missing Critical Step in Authentication
Overview: Affected versions of this package are vulnerable to Missing Critical Step in Authentication via the OIDC authorize process. An attacker can gain unauthorized access to valid OIDC tokens by leveraging a session where only the password has been verified but the second authentication factor...
CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication...
CVE-2020-12595
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4...
CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
CVE-2020-7819
A SQL injection vulnerability in the nTracker USB Enterprise secure USB management solution allows a remote unauthenticated attacker to perform SQL queries to access usernames, passwords, and other session-related information...
CVE-2019-12753
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The maliciou...
EUVD-2020-7913
Malware in sbrugna...
EUVD-2016-7942
Malware in sbrugna...
EUVD-2023-24159
Malicious code in bioql PyPI...
EUVD-2022-30469
Malicious code in bioql PyPI...
EUVD-2022-30232
Malicious code in bioql PyPI...
EUVD-2024-16991
Malicious code in bioql PyPI...
EUVD-2025-8966
Malicious code in bioql PyPI...
CVE-2025-54124
XWiki Platform Legacy Old Core and Old Core, versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, are affected by CVE-2025-54124. Any user with editing rights can create an XClass with a database list property that references a password property; when an ...
CVE-2023-41566
CVE-2023-41566 affects OA EKP v16. An arbitrary download vulnerability exists in the component /ui/sys_ui_extend/sysUiExtend.do that can enable attackers to obtain the background administrator password and subsequently gain database permissions. Reported CVSS v3.1 metrics indicate a network-adjac...
CVE-2023-26984
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...
CVE-2021-30651
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access...
CVE-2025-24245
This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...
CVE-2020-16231
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life...