Lucene search
K

2845 matches found

NVD
NVD
added 2026/04/08 2:16 p.m.7 views

CVE-2025-14816

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS0.00101EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:23 p.m.4 views

CVE-2025-14816

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS5.9AI score0.00101EPSS
Exploits0References4Affected Software6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31440

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

8.5CVSS6.1AI score0.00219EPSS
Exploits0References3
Redos
Redos
added 2026/04/07 12:0 a.m.6 views

ROS-20260407-73-0041

A vulnerability in the TLS traffic proxying mechanism of NGINX Plus and NGINX OSS web servers is related to the loading of external unreliable data along with reliable data. Exploitation of the vulnerability could allow an attacker acting remotely to inject data in plain text form...

8.2CVSS6.1AI score0.00339EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain security vulnerabilities. These vulnerabilities stem from the fact that video passwords are stored in the database as plain text, which may lead to the...

9.1CVSS5.8AI score0.00152EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.5 views

IBM InfoSphere 11.7.0.x <= 11.7.1.6 Multiple Vulnerabilities

The version of IBM InfoSphere Information Server installed on the remote host is 11.7.0.0 through 11.7.1.6. It is, therefore, affected by multiple vulnerabilities, including: - IBM InfoSphere Information Server stores user credentials and other sensitive information in plain text which can be rea...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References28
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.5 views

CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 9:30 p.m.8 views

EUVD-2025-209023

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 9:16 p.m.7 views

CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:25 p.m.4 views

CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.10 views

PT-2026-28113

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/03/24 10:39 a.m.13 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS6AI score0.00339EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.7 views

Vikunja 信息泄露漏洞

Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.2.1 contained a security vulnerability where the GET /api/v1/projects/:project/webhooks endpoint returned BasicAuth credentials in plain text, potentially leading to credential exposure...

6.5CVSS6.4AI score0.00297EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/19 10:7 p.m.3 views

CVE-2026-32034 OpenClaw < 2026.2.21 - Insecure Control UI Authentication over Plaintext HTTP

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

8.1CVSS5.8AI score0.00381EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 10:7 p.m.13 views

CVE-2026-32034

OpenClaw versions prior to 2026.2.21 are affected by an authentication bypass in the Control UI when gateway.controlUi.allowInsecureAuth is enabled and the gateway is exposed over plaintext HTTP. An attacker with leaked credentials could gain high-privilege UI access by bypassing device identity ...

8.1CVSS5.8AI score0.00381EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/19 12:0 a.m.3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'. The vulnerability exists in the handling of Server-Sent Events SSE when streaming plain text data. An attacker can inject crafted data int...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/19 12:0 a.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Improper Neutralization of Special...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/19 12:0 a.m.4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'. The vulnerability exists in the handling of Server-Sent Events SSE when streaming plain text data. An attacker can inject crafted data int...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 5:40 p.m.11 views

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

4.6CVSS0.00165EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/10 12:56 a.m.6 views

EUVD-2026-10422

flarum/nicknames extension has display name injection in notification emails autolink & markdown...

4.6CVSS5.8AI score0.00165EPSS
Exploits0References4
Rows per page
Query Builder