18 matches found
CVE-2026-33722
CVE-2026-33722 (n8n) : An authenticated-but-low-privilege user could bypass the external secret list permission by referencing a secret by its external name in a credential, gaining plaintext access to secrets in connected vaults. The issue requires an instance with an external secrets vault conf...
CVE-2026-33722 n8n Has External Secrets Authorization Bypass in Credential Saving
n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the...
WordPress Plugin wpDiscuz Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin wpDiscuz, which stems fr...
CVE-2026-22728
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...
On the Security of Password Managers
Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...
EUVD-2019-2772
Malware in sbrugna...
Security Bulletin: Vulnerability in Apache Kafka's SCRAM implementation affects watsonx.data
Summary: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-56128. DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary:...
CVE-2025-28235
An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Models Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext...
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-33471
AVTECH Room Alert 4E v4.4.0 is affected by a Sensor Settings vulnerability that allows an attacker to access SMTP credentials in plaintext via a crafted AJAX request. This affects devices no longer supported by the maintainer. CVSSv3.1: 7.2 (HIGH) with Network attack vector, low complexity, requi...
CVE-2023-30367
The CVE-2023-30367 entry concerns mRemoteNG prior to fixed versions (<= v1.76.20 and
Dell EMC SCG Policy Manager Encryption Issue Vulnerability
Dell EMC SCG Policy Manager is a secure connectivity gateway policy manager from Dell, Inc. An information disclosure vulnerability exists in Dell EMC SCG Policy Manager version 5.14, which stems from insufficient protection of sensitive information in the upgrade path from SRS to SCG, and can be...
CVE-2021-31798
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...
Security Bulletin: Vulnerability in SSLv3 affects IBM SmartCloud Entry (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM SmartCloud Entry. Vulnerability Details: CVE-ID: CVE-2014-3566. DESCRIPTION: Product could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerability in SSLv3 affects Rational DOORS Web Access (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 can be enabled in IBM Rational DOORS Web Access.
Critical PGP Vulnerability
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of...
Woltlab Burning Board 2.3.4 - File Disclosure
Exploit Title: Woltlab Burning Board 2.3.4 File Disclosure Vulnerability Date: 2010-11-12 Author: SFX Version: 2.3.4 CVE : N/A After you've used the Exploit to get the admin account: goto: http://lolcathost/wbb/acp/avatar.php?action=readfolder import: acp/lib download a backup:...