171 matches found
CVE-2026-34408
An issue was discovered in Gambio 4.9.2.0 patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0. The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known...
Missing Critical Step in Authentication
Overview: Affected versions of this package are vulnerable to Missing Critical Step in Authentication via the OIDC authorize process. An attacker can gain unauthorized access to valid OIDC tokens by leveraging a session where only the password has been verified but the second authentication factor...
MiracleLinux 7 : 389-ds-base-1.3.10.2-16.el7 (AXSA:2022-3281:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3281:02 advisory. 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918); 389-ds-base: expired password was still allowed to access the database...
MiracleLinux 9 : 389-ds-base-2.1.3-4.el9 (AXSA:2023-4906:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4906:01 advisory. 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918); 389-ds-base: SIGSEGV in syncrepl (CVE-2022-2850); 389-ds-base: expired password...
CVE-2022-31205
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication...
CVE-2022-0093
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds...
CVE-2020-12595
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4...
CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
CVE-2020-7819
A SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL queries to access username, password, and other session-related information...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec= substring. This affects EG-2000SE EGRGOS 11.9...
CVE-2019-12753
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The maliciou...
EUVD-2019-18539
Malware in sbrugna...
EUVD-2021-17865
Malware in sbrugna...
EUVD-2009-4979
Malware in sbrugna...
EUVD-2016-7942
Malware in sbrugna...
EUVD-1999-1073
Malware in sbrugna...
EUVD-2001-0292
Malware in sbrugna...
EUVD-2002-1093
Malware in sbrugna...
EUVD-2019-1088
Malware in sbrugna...
EUVD-2020-7913
Malware in sbrugna...