54 matches found
EUVD-2025-210448
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
CVE-2025-63579
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
CVE-2026-53949 Ghost Content API filter bypass reveals private fields
Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private fields via a brute force attack. If SQLite was used as the database password hashes were fully...
EUVD-2026-38283
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...
PHP EI-Tube Script SQL注入漏洞
The PHP EI-Tube Script is a video website construction system developed by Elis Atef. The PHP EI-Tube Script has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the search parameter, which may allow unauthenticated attackers to execute arbitrary SQL...
F5 Networks BIG-IP : iControl REST vulnerability (K000158070)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158070 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in thegtmaddandbigipaddiControl REST commands that return...
CVE-2026-22315
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...
GHSA-W47F-J8RH-WX87 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...
CVE-2026-35484 text-generation-webui has a Path Traversal in load_preset() — .yaml file read without authentication
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
EUVD-2025-208687
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...
CVE-2025-67860 NeuVector scanner insecurely handles passwords as command arguments
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
PT-2026-21754
Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The firmware exposes user passwords in plaintext within the administrative interface and HTTP responses, potentially allowing recovery of valid...
CVE-2026-0747
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or scree...
Unspecified Vulnerability in AXIS OS
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...
CVE-2025-34293
GN4 Publishing System before 2.6 is affected by an insecure direct object reference (IDOR) via the API. Authenticated requests to object endpoints allow an authenticated user to query arbitrary user IDs and retrieve sensitive data, including stored passwords and the account’s security question/an...
EUVD-2012-0840
Malware in sbrugna...
CVE-2025-30063
The configuration file containing database logins and passwords is readable by any local user...
CVE-2025-30063
Technical details for CVE-2025-30063 are not publicly available in the provided documents. The connected EUVD entries do not reveal affected products, root cause, or remediation for this CVE. Monitor for updates.
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence AI chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked...