999 matches found
GHSA-5HF2-VHJ6-GJ9M nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys
Summary Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without...
cpp-httplib 信息泄露漏洞
cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.39.0 contained an information leakage vulnerability. This vulnerability stemmed from the HTTP client forwarding stored credentials when following...
Twilio integration 安全漏洞
Twilio integration is an interface component developed by Twilio that enables the integration of communication services with message interactions. There is a security vulnerability in Twilio integration. This vulnerability stems from the fact that the webhook processor does not validate the...
CVE-2026-33663
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...
CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-31850
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...
smb: client: Don't log plaintext credentials in cifs_set_cifscreds
...
TP-Link TL-WR850N 安全漏洞
The TP-Link TL-WR850N is a WiFi router produced by the TP-Link company. The TP-Link TL-WR850N v3 has a security vulnerability. This vulnerability arises from the fact that, when the serial interface is enabled and under weak authentication protection, management credentials and Wi-Fi credentials...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the ReadAll process. An attacker can obtain plaintext BasicAuth credentials intended for external webhook authentication by accessing the API with only read permissions to a project. Remediation Upgrade...
CVE-2025-36258
CVE-2025-36258 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6. The root cause is plaintext storage of user credentials and other sensitive information, allowing a local user to read them. IBM’s security bulletin notes a CVSSv3.1 base score of 7.1 (vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/...
CVE-2026-33663 n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...
SUSE CVE-2026-23303
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...
EUVD-2026-15240
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...
CVE-2026-23303
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...
UBUNTU-CVE-2026-23303
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...
CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...
CVE-2026-23303
The CVE-2026-23303 vulnerability affects the Linux kernel SMB client: when logging is enabled, cifs_set_cifscreds can emit plaintext credentials (username/password) to logs. The issue is fixed by removing the debug log, preventing credential exposure. The connected advisories confirm the flaw exi...
CVE-2026-23303
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the storage of plaintext credentials in debug log records, potentially leading to credential exposure...
PT-2026-28075
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...