Lucene search
K

2100 matches found

Nuclei
Nuclei
added yesterday24 views

WordPress Download Manager - File Password Exposure

The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...

7.5CVSS7.1AI score0.02437EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS5.7AI score0.00219EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00219EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-13750

Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/24 1:20 p.m.9 views

CVE-2026-57302

CVE-2026-57302 affects the Jenkins FitNesse Plugin, specifically version 1.36 and earlier. The root cause is unencrypted password storage in the job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller files...

4.3CVSS5.9AI score0.00178EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/24 8:0 a.m.7 views

CURL-CVE-2026-8926 password leak with netrc and user in URL

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is n...

5.8AI score0.00196EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51749

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When configured to use a .netrc file for credentials while simultaneously specifying a URL containing a username but no password e.g., https://[email protected]/, the software may incorrectly...

5.8AI score0.00196EPSS
Exploits0References20
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-8636

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...

7.5CVSS0.00146EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Ansible

A flaw was identified in the use of insufficiently random values in Ansible. Two random password lookups of the same length result in the generation of the same value as the template caching action for the same file, since no re-evaluation occurs. The greatest risk posed by this vulnerability is...

5.5CVSS6.5AI score0.00435EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in python-oslo.utils

A flaw was discovered in python-oslo-utils. Due to improper parsing, passwords that contain double quotes " cause incorrect masking in debug logs, resulting in any part of the password after the double quote being displayed as plain text...

4.9CVSS6.1AI score0.01335EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Samba

A design flaw was identified in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users with the GETCHANGES permission to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:44 p.m.17 views

CVE-2026-50200 Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

7.5CVSS0.00185EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:45 a.m.9 views

BIT-MONGODB-2026-9751 Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.2AI score0.00109EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 1:23 p.m.11 views

EUVD-2026-36424

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS5.2AI score0.00105EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/11 9:41 a.m.68 views

Exploit for Improper Input Validation in Nodeca Js-Yaml

Doceker bulid 취약환경으로 Docker 환경으로 빌드를 한다. docker build -f c...

6.8CVSS5.4AI score0.17186EPSS
Exploits7
OSV
OSV
added 2026/06/11 6:39 a.m.10 views

MAL-2026-5610 Malicious code in coderzero (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bd26d5ae306572deded5926f2a32dd34de72377da3363cafc4c4026b9c5a93d When a user runs the coderzero CLI, the bundled Python client client/noderzero.py starts a clipboard monitor that polls pyperclip.paste every 300ms a...

5.5AI score
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server where log information may be leaked...

6.8CVSS5.2AI score0.00109EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 5:0 p.m.7 views

CVE-2026-11552

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

6.9CVSS5.2AI score0.00286EPSS
Exploits0References6Affected Software2
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.6 views

SUSE CVE-2026-11209

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 8:35 p.m.11 views

GHSA-HR9V-R8R2-HG7J Shopper: Multiple data integrity and disclosure issues in admin Livewire components

Impact Three related defects on admin Livewire components allowed data tampering, sensitive data disclosure, and stored XSS: - IDOR via unlocked properties. Several Livewire components in the admin panel exposed Eloquent model identifiers as public properties without the Locked attribute. An...

8.7CVSS5.6AI score0.00029EPSS
Exploits0References3
Rows per page
Query Builder