2791 matches found
CVE-2021-21508
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...
EUVD-2021-8780
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...
CVE-2026-8673 Password re-initialization mechanism sends passwords in plain text
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0...
CVE-2026-8673
CVE-2026-8673 describes an unprotected transport of credentials in Avantra from syslink software AG on Linux and Windows, allowing sniffing of credentials. The affected line is Avantra before version 25.3.0. Documented impacts emphasize confidentiality and integrity risks, with CVSS v3.1 indicati...
CVE-2026-8673 Password re-initialization mechanism sends passwords in plain text
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0...
PT-2026-42768
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable...
Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016720)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016720 advisory. A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because...
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...
Astra Linux - уязвимость в zabbix
When exporting media types, the passwords are exported in plain text within the YAML file. This appears to be a best practices issue and may not actually have any significant impact. The user must have permissions to access the media types, and therefore it is expected that they will have access ...
Mesalvo Meona Client Launcher Component和Mesalvo Meona Server Component 安全漏洞
The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...
Exploit for Race Condition in Canonical Ubuntu_Linux
IoT Firmware Reverse Engineering — IoT Camera Security Uni...
Mattermost 信息泄露漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have a vulnerability related to information leakage. This...
[SECURITY] Fedora 44 Update: python-jupytext-1.19.1-4.fc44
Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...
[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-4.fc43
Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...
VMware Spring Cloud Config 日志信息泄露漏洞
VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a vulnerability related to log information leakage...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
DEBIAN-CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
UBUNTU-CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...