Lucene search
K

2834 matches found

EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-38603

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 hours ago3 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/06/16 7:16 p.m.10 views

CVE-2024-39575

updatediskpsubaseline.sh requires password in plain text...

7.4CVSS0.00096EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 5:54 p.m.12 views

CVE-2024-39575

Technical details are not publicly available in the provided documents; monitor for updates.

7.4CVSS5.2AI score0.00096EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/15 11:30 a.m.13 views

The Onboarding Password Mistake That Creates Unnecessary Risk

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49188

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class...

7.5CVSS6.3AI score0.00359EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:45 a.m.6 views

BIT-MONGODB-2026-9751 Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.2AI score0.00105EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 4:16 p.m.9 views

CVE-2024-45636

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.4CVSS0.00125EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 3:10 p.m.11 views

CVE-2024-45636 IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.1CVSS5.4AI score0.00125EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 3:10 p.m.21 views

CVE-2024-45636

The CVE-2024-45636 entry concerns IBM Security QRadar EDR. Affected: QRadar EDR 3.12–3.12.24. Issue: credentials are stored in plaintext, readable by a local privileged user (CWE-256). Impact: potential exposure of sensitive credentials on the host; CVSS v3.1 base score 4.1 (L, H, N) with Local a...

4.4CVSS5.4AI score0.00125EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/11 3:10 p.m.6 views

EUVD-2024-55619

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.1CVSS5.4AI score0.00125EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 3:10 p.m.29 views

CVE-2024-45636 IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.1CVSS0.00125EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.8 views

PT-2026-48669

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.24 Description User credentials are stored in plain text, which allows a local privileged user to read this sensitive information. Recommendations At the moment, there is no information about ...

4.4CVSS5.8AI score0.00125EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

SolidInvoice 安全漏洞

SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a security vulnerability. This vulnerability stemmed from API tokens being stored in the apitokens database table in plain text, which could allow attackers...

8.1CVSS5.3AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.8 views

EUVD-2026-35867

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.5AI score0.00105EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.11 views

CVE-2026-9751

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.3 views

UBUNTU-CVE-2026-9751

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.3AI score0.00105EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:24 p.m.7 views

CVE-2026-9751 Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.5AI score0.00105EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:24 p.m.25 views

CVE-2026-9751

The vulnerability CVE-2026-9751 affects MongoDB’s mongod process: when ldapQueryPassword is set via the runtime setParameter command, the new password is logged in plain text to mongod.log. The issue is caused by logging sensitive parameter data, leading to potential exposure of credentials on th...

6.8CVSS5.5AI score0.00105EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/06/09 10:24 p.m.9 views

Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.5AI score0.00105EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder