CVE-2025-36258
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...
PT-2026-28113
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, an attacker with a man-in-the-middle (MITM) position on the upstream server side, along with conditions beyond the attacker's control, may be able to inject plain text data into the response...
Vikunja Information Disclosure Vulnerability
Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.2.1 contained a security vulnerability where the GET /api/v1/projects/:project/webhooks endpoint returned BasicAuth credentials in plain text, potentially leading to credential exposure...
CVE-2026-32034
OpenClaw has an authentication bypass in the Control UI for versions prior to 2026.2.21 when allowInsecureAuth is enabled and the gateway is exposed over plaintext HTTP. An attacker with leaked credentials can obtain high-privilege Control UI access due to lack of secure authentication over unenc...
CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'). The vulnerability exists in the handling of Server-Sent Events (SSE) when streaming plain text data. An attacker can inject crafted data int...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: org.springframework:spring-webmvc is a package that provides Model-View-Controller (MVC) architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Improper Neutralization of Special...
CVE-2026-30913
Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...
EUVD-2026-10422
flarum/nicknames extension has display name injection in notification emails autolink & markdown...
EUVD-2026-10423
flarum/nicknames extension has display name injection in notification emails autolink & markdown...
PT-2026-24146
Name of the Vulnerable Software and Affected Versions: Flarum (affected versions not specified). Description: The Flarum forum software, when used with the flarum/nicknames extension, allows a registered user to set a nickname that email clients may interpret as a hyperlink. This nickname is directly...
Advantech ADAM-5630 Weak Encoding For Password (CVE-2024-34542)
Advantech ADAM-5630 shares user credentials in plain text between the device and the user source device during the login process. This plugin only works with Tenable.ot.
Nexus Wallet Interface Security Vulnerability
Nexus Wallet Interface is an open-source cryptocurrency wallet interface developed by Nexus. Version 3.2.0-beta.2 of Nexus Wallet Interface contains a security vulnerability, which stems from the transmission of sensitive information in plain text...
RustDesk Security Vulnerability
RustDesk is a remote access and control software developed by RustDesk's individual developers. It is primarily written in Rust and allows for remote maintenance of computers and other devices. RustDesk versions 1.4.5 and earlier contain security vulnerabilities, which stem from the transmission o...
RustDesk Server PRO Security Vulnerability
RustDesk Server PRO is a set of remote desktop server management scripts developed by RustDesk’s individual developers. Versions of RustDesk Server PRO prior to 1.7.5 contained security vulnerabilities, which stemmed from the transmission of sensitive information in plain text, potentially allowi...
Microsoft Exchange Security Vulnerability
Microsoft Exchange is an enterprise-level email server provided by the American company Microsoft. Microsoft Exchange 2019 and earlier versions have a security vulnerability. This vulnerability stems from the fact that the Exchange ActiveSync configuration on local servers may transmit sensitive...