Lucene search
K

999 matches found

OSV
OSV
added 2026/03/30 4:41 p.m.5 views

GHSA-5HF2-VHJ6-GJ9M nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Summary Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without...

8.8CVSS5.9AI score0.0028EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

cpp-httplib 信息泄露漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.39.0 contained an information leakage vulnerability. This vulnerability stemmed from the HTTP client forwarding stored credentials when following...

7.4CVSS5.8AI score0.00262EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.7 views

Twilio integration 安全漏洞

Twilio integration is an interface component developed by Twilio that enables the integration of communication services with message interactions. There is a security vulnerability in Twilio integration. This vulnerability stems from the fact that the webhook processor does not validate the...

8.2CVSS5.8AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.3 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS6AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.2 views

CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

5.5CVSS5.8AI score0.00175EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.9 views

CVE-2026-31850

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...

6.8CVSS5.8AI score0.00178EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:4 a.m.5 views

smb: client: Don't log plaintext credentials in cifs_set_cifscreds

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

TP-Link TL-WR850N 安全漏洞

The TP-Link TL-WR850N is a WiFi router produced by the TP-Link company. The TP-Link TL-WR850N v3 has a security vulnerability. This vulnerability arises from the fact that, when the serial interface is enabled and under weak authentication protection, management credentials and Wi-Fi credentials...

6.8CVSS5.8AI score0.00124EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/25 9:17 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the ReadAll process. An attacker can obtain plaintext BasicAuth credentials intended for external webhook authentication by accessing the API with only read permissions to a project. Remediation Upgrade...

7.1CVSS6.4AI score0.00297EPSS
Exploits1References2
CVE
CVE
added 2026/03/25 8:25 p.m.18 views

CVE-2025-36258

CVE-2025-36258 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6. The root cause is plaintext storage of user credentials and other sensitive information, allowing a local user to read them. IBM’s security bulletin notes a CVSSv3.1 base score of 7.1 (vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 5:11 p.m.5 views

CVE-2026-33663 n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS6AI score0.00392EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.8 views

SUSE CVE-2026-23303

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References17
EUVD
EUVD
added 2026/03/25 12:30 p.m.5 views

EUVD-2026-15240

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

5.6AI score0.00123EPSS
Exploits0References7
NVD
NVD
added 2026/03/25 11:16 a.m.3 views

CVE-2026-23303

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

5.5CVSS0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/03/25 11:16 a.m.3 views

UBUNTU-CVE-2026-23303

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/25 10:26 a.m.20 views

CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/03/25 10:26 a.m.22 views

CVE-2026-23303

The CVE-2026-23303 vulnerability affects the Linux kernel SMB client: when logging is enabled, cifs_set_cifscreds can emit plaintext credentials (username/password) to logs. The issue is fixed by removing the debug log, preventing credential exposure. The connected advisories confirm the flaw exi...

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:26 a.m.3 views

CVE-2026-23303

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the storage of plaintext credentials in debug log records, potentially leading to credential exposure...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.8 views

PT-2026-28075

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS6AI score0.00392EPSS
Exploits0References2
Rows per page
Query Builder