CLSA-2026-1779354447 shadow-utils: Fix of CVE-2023-4641

CVE-2023-4641: fix password leak in gpasswd...

CLSA-2026-1779267466 shadow-utils: Fix of CVE-2023-4641

CVE-2023-4641: fix password leak in gpasswd...

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability stems from the fact that the...

EUVD-2026-27883

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

CURL-CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

CVE-2026-6553

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...

PT-2026-21532

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The router firmware contains a flaw where the configuration download feature reveals the router password and administrative password in plaintext. The response...

Azure Linux 3.0 Security Update: samba (CVE-2016-2124)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2016-2124 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve...

MiracleLinux 9 : shadow-utils-4.9-8.el9 (AXSA:2023-6622:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6622:03 advisory. shadow-utils: possible password leak during passwd1 change CVE-2023-4641 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : gnome-shell-3.32.2-44.el8.ML.1 (AXSA:2022-3635:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3635:03 advisory. gnome-shell: Password from logged-out user may be shown on login screen CVE-2020-17489 Tenable has extracted the preceding description block directly from th...

MiracleLinux 8 : shadow-utils-4.6-19.el8 (AXSA:2023-7078:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7078:04 advisory. shadow-utils: possible password leak during passwd1 change CVE-2023-4641 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 7 : libosinfo-1.1.0-5.el7 (AXSA:2020-4560:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4560:01 advisory. Libosinfo: osinfo-install-script option leaks password via command line argument CVE-2019-13313 Tenable has extracted the preceding description block directl...

CVE-2017-18432

In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password SEC-234...

CVE-2019-20061

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the system-picked password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password...

CVE-2021-28499

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in...

CVE-2024-39314

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...