15 matches found
CVE-2026-48859
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh ssh_auth, ssh_options modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3...
CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh ssh_auth, ssh_options modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3...
GHSA-H3M5-P59H-X88P openssl-encrypt has visible password in process list via --password CLI argument
Summary: Passwords passed via the --password / -p CLI argument in opensslencrypt/modules/cryptclisubparser.py at lines 150-154 are visible to any user on the system via ps aux or /proc/pid/cmdline. Affected code (Python): subparser.add_argument("--password", "-p", help="Password will prompt if not...
CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
EUVD-2009-3507
Malware in sbrugna...
EUVD-2020-2739
Malware in sbrugna...
EUVD-2025-24567
Malicious code in bioql PyPI...
PT-2022-4970 · Aes Crypt · Aescrypt
Name of the Vulnerable Software and Affected Versions: AES Crypt version 3.11 Description: The issue is related to reading user-provided passwords and confirmations via command-line prompts in AES Crypt for Linux. Password lengths were not checked before being read, which may lead to buffer...
CVE-2020-10284
No authentication is required to control the robot inside the network; moreover, the latest available user manual shows an option that lets the user add a password to the robot, but in xarmstudio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the...
Authentication flaw
No authentication is required to control the robot inside the network; moreover, the latest available user manual shows an option that lets the user add a password to the robot, but in xarmstudio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the...
Change Password Option in StoreFront Not Shown, Available Only for Admins
Change password option in StoreFront not shown for non-domain admins but is there for domain admins...
StarVedia IPCamera IC502w IC502w+ v020313 - Username/Password Disclosure
No description provided by source. #!/usr/bin/perl + StarVedia IPCamera IC502w IC502w+ v020313 remote bypass username/password disclosure exploit Author: Todor Donev Email: todor.donev at gmail dot com Type: Hardware Thanks to Tsvetelina Emirska the best friend in my life and all my other friends...
WinRadius Server 2009 Denial of Service
No description provided by source. Title: WinRadius Server Denial Of Service Vulnerability Software : WinRadius Software Version : v2009 Vendor: http://www.elite-school.com/saas/WinRadius/ Vulnerability Published : 2012-05-27 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 5.0,...
IBM BPMS 8.0.0.1 Privilege Escalation / Disclosure
IBM BPMS version 8.0.0.1 suffers from account reconfiguration, privilege escalation, and information disclosure vulnerabilities. Exploit Title: IBM BPMS BPM User account reconfiguration/Privilege Escalation/Information Disclosure Date: 31.01.14 Exploit Author: 0in Software link:...
Design/Logic Flaw
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...