
9 matches found

RedhatCVE
added 2026/04/04 5:0 p.m., 8 views

CVE-2026-25118

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...

CVSS 7.5, AI score 5.8, EPSS 0.00449
Exploits: 1, References: 1

ATTACKERKB
added 2025/10/06 7:1 a.m., 3 views

CVE-2025-58584

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally...

CVSS 7.5, AI score 5.8, EPSS 0.00363
Exploits: 0, References: 7

Cvelist
added 2025/10/06 7:1 a.m., 8 views

CVE-2025-58584 Plain Text Transmission of Username and Password in the URL

In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally...

CVSS 5.3, EPSS 0.00363
Exploits: 0, References: 6

CVE
added 2025/03/05 12:0 a.m., 69 views

CVE-2025-27662

CVE-2025-27662 affects Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 and Application 20.0.1923, where passwords can be exposed in URLs (OVE-20230524-0005). Root cause: insecure handling of credentials in URL. The CVSSv3.1 baseline is 9.8 (Network, Single, No user int...

CVSS 9.8, AI score 7.2, EPSS 0.0057
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2025/03/05 12:0 a.m., 9 views

CVE-2025-27662

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005...

EPSS 0.0057
Exploits: 0, References: 1

OSV
added 2020/07/07 6:56 p.m., 4 views

GHSA-93F3-23RQ-PJFP npm CLI exposing sensitive information through logs

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files...

CVSS 4.4, AI score 6.8, EPSS 0.00417
Exploits: 0, References: 9

OSV
added 2009/09/15 10:30 p.m., 3 views

DEBIAN-CVE-2009-2945

weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...

CVSS 4.3, AI score 6.6, EPSS 0.00865
Exploits: 0, References: 1

Cvelist
added 2006/06/06 8:3 p.m., 20 views

CVE-2005-2462

Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges...

AI score 6.9, EPSS 0.00591
Exploits: 0, References: 5

UbuntuCve
added 2005/05/12 4:0 a.m., 30 views

CVE-2005-1565

Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history...

CVSS 5, AI score 5.9, EPSS 0.01217
Exploits: 1, References: 1