36 matches found
GHSA-9VMH-WHC4-7PHG OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production. In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the...
ZTE ZXHN H298A 1.1 / H108N 2.6 Unauthenticated Credential Disclosure
ZTE ZXHN H298A 1.1 and H108N 2.6 suffer from an unauthenticated credential exposure vulnerability via the ETHCheat parameter in getpage.lua. Title: ZTE ZXHN H298A 1.1 / H108N 2.6 - Unauthenticated Credential Exposure ETHCheat Parameter Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE...
Exploit for CVE-2025-1738
CVE-2025-1738 - Trivision Camera NC227WF PoC...
CVE-2025-15587
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2020-24577
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body...
CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
CVE-2025-6571
A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it...
CVE-2025-55976
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint...
PT-2025-37079
Name of the Vulnerable Software and Affected Versions: Intelbras IWR 3000N version 1.9.8 Description: The Intelbras IWR 3000N version 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. An unauthenticated user on the local network can obtain the Wi-Fi network password by...
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password "123456" for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots...
OESA-2025-1580 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for...
CVE-2023-30354
Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access...
UBUNTU-CVE-2025-48708
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext...
UBUNTU-CVE-2025-30474
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2024-1345
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password...
Red Hat AMQ Broker Security Vulnerability
Red Hat AMQ Broker is a pure Java multi-protocol message broker from Red Hat. It is built on an efficient asynchronous core with fast native logging for message persistence and unshared state replication options for high availability. A security vulnerability exists in Red Hat AMQ Broker, which...
CVE-2023-33741
Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device...
PT-2023-11474 · Xiaomi · Xiaomi Router Firmware
Name of the Vulnerable Software and Affected Versions: Xiaomi router firmware affected versions not specified Description: The issue is caused by the lack of access control policies on some API interfaces, allowing attackers to exploit an unauthenticated API and reveal the WIFI password. This can...
CVE-2022-26546
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password...