Lucene search
K

995 matches found

Cvelist
Cvelist
added 2026/04/17 7:52 p.m.19 views

CVE-2026-32650 Anviz CrossChex Standard Algorithm Downgrade

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

7.5CVSS0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 7:52 p.m.13 views

CVE-2026-32650

The CVE-2026-32650 entry applies to Anviz CrossChex Standard. The description states that an attacker can manipulate the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. This highlights a credential exposure risk ...

7.5CVSS5.7AI score0.0021EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/17 9:16 a.m.6 views

CVE-2025-15622

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

6.2CVSS0.00155EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)

When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...

4.9CVSS5.8AI score0.0024EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

AVTECH Room Alert Cleartext Transmission of Sensitive Information (CVE-2024-33471)

An individual with administrative access can change the mail server host within the device. An attacker who has obtained administrative access can update the mail server to an attacker controller IP. When the device attempts to authenticate to the mail server, it will pass the previously configur...

7.2CVSS5.8AI score0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 2:16 p.m.4 views

CVE-2025-14815

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

9.3CVSS0.00101EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 1:23 p.m.7 views

CVE-2025-14816 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS5.9AI score0.00101EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 1:15 p.m.3 views

CVE-2025-14815 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

9.3CVSS5.9AI score0.00101EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:15 p.m.3 views

CVE-2025-14815

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

9.3CVSS5.9AI score0.00101EPSS
Exploits0References4Affected Software6
Cvelist
Cvelist
added 2026/04/08 1:15 p.m.19 views

CVE-2025-14815 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

9.3CVSS0.00101EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

SourceCodester Student Result Management System 安全漏洞

SourceCodester Student Result Management System is an open-source student grade management system developed by SourceCodester. Version 1.0 of the SourceCodester Student Result Management System has a security vulnerability, which stems from data being stored in plaintext in the file...

6.9CVSS6AI score0.00204EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/04 12:31 a.m.4 views

EUVD-2016-10854

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...

8.6CVSS5.9AI score0.00213EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 10:16 p.m.4 views

CVE-2016-15058

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...

8.6CVSS0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:59 p.m.2 views

CVE-2016-15058

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...

8.6CVSS5.9AI score0.00213EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/03 9:59 p.m.2 views

CVE-2016-15058 Hirschmann HiLCOS Classic Platform Password Exposure via SNMP

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...

8.6CVSS5.9AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30246

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...

8.6CVSS5.9AI score0.00213EPSS
Exploits0References4
OSV
OSV
added 2026/03/30 4:41 p.m.5 views

GHSA-5HF2-VHJ6-GJ9M nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Summary Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without...

8.8CVSS5.9AI score0.0028EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

cpp-httplib 信息泄露漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.39.0 contained an information leakage vulnerability. This vulnerability stemmed from the HTTP client forwarding stored credentials when following...

7.4CVSS5.8AI score0.00262EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.7 views

Twilio integration 安全漏洞

Twilio integration is an interface component developed by Twilio that enables the integration of communication services with message interactions. There is a security vulnerability in Twilio integration. This vulnerability stems from the fact that the webhook processor does not validate the...

8.2CVSS5.8AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.2 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS6AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder