Lucene search
K

2844 matches found

CVE
CVE
added 2026/05/05 6:22 a.m.13 views

CVE-2026-7824

CVE-2026-7824 – PaperCut Hive (Ricoh) : In the PaperCut Hive Ricoh embedded application, enabling the diagnostic/Deep Logging mode causes administrative credentials to be recorded in plain text in log files. An attacker with administrative access to the PaperCut Hive management portal can remotel...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/05 6:22 a.m.11 views

CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 1:12 p.m.6 views

JLSEC-2026-400

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

7.5CVSS6.9AI score0.1654EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

Prometheus 信息泄露漏洞

Prometheus is an open-source software developed in the Go language, used to create real-time metric databases built using the HTTP pull model. Versions of Prometheus prior to 3.5.3 and 3.11.3 contained a vulnerability related to information leakage. This vulnerability stemmed from remote writing ...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 10:16 p.m.5 views

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS0.00093EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 9:12 p.m.12 views

CVE-2025-36335

CVE-2025-36335 affects IBM watsonx.data intelligence releases 5.2.0, 5.2.1, 5.3.0, and 5.3.1. The root cause is that user credentials are stored in plain text, allowing a local user to read them. This leads to confidentiality impact (high) per the CVSS metrics, with access restricted to local con...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/30 9:12 p.m.27 views

CVE-2025-36335 Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS0.00093EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:12 p.m.4 views

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 9:12 p.m.8 views

EUVD-2025-209604

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 9:12 p.m.6 views

CVE-2025-36335 Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/30 1:21 a.m.9 views

[SECURITY] Fedora 43 Update: dokuwiki-20250514b-3.fc43

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creati ng documentation of any kind. It has a simple but powerful syntax which makes su re the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

7.5CVSS5.3AI score0.00452EPSS
Exploits1
Fedora
Fedora
added 2026/04/30 12:54 a.m.9 views

[SECURITY] Fedora 44 Update: dokuwiki-20250514b-5.fc44

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creati ng documentation of any kind. It has a simple but powerful syntax which makes su re the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

7.5CVSS5.3AI score0.00452EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

container 安全漏洞

Container is an open-source tool developed by Apple for creating and running Linux containers on Mac devices. Versions of Container prior to 0.12.3 have a security vulnerability. This vulnerability arises when connecting to hosts with domain names that bypass pattern matching, causing registry...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.3 views

PT-2026-36193

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.2.1 IBM watsonx.data intelligence versions 5.3.0 through 5.3.1 Description User credentials are stored in plain text, allowing a local user to read them. Recommendations At the moment, the...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/21 8:30 p.m.5 views

CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

5.3CVSS5.5AI score0.00147EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

Anviz CrossChex Standard 安全漏洞

Anviz CrossChex Standard is a centralized control software developed by Anviz Corporation in the United States, used for access control and attendance data management. Anviz CrossChex Standard has a security vulnerability. This vulnerability arises from the ability of attackers to manipulate the...

7.5CVSS5.8AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 2:20 p.m.4 views

CVE-2025-66236 Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

5.8AI score0.00439EPSS
Exploits0References2
CVE
CVE
added 2026/04/13 2:20 p.m.44 views

CVE-2025-66236

CVE-2025-66236 concerns Apache Airflow prior to 3.2.0. The OSV/SNYK entries describe that secrets from the Airflow config file could be logged in plain text in the DAG run logs UI, exposing confidential data to users with access to logs (Deployment Manager or privileged readers). Root cause: impr...

7.5CVSS5.8AI score0.00439EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/09 8:36 a.m.7 views

BIT-CASSANDRA-2026-27315 Apache Cassandra: cqlsh history sensitive information leak

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...

5.5CVSS5.9AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

Directus 安全漏洞

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.17.0 contained a security vulnerability. This vulnerability stemmed from inconsistent calls to the prepareDelta cleanup pipeline in...

6.5CVSS5.8AI score0.0017EPSS
Exploits0References3
Rows per page
Query Builder