Lucene search
K

823 matches found

Github Security Blog
Github Security Blog
added 2026/04/14 10:33 p.m.7 views

SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

Impact When SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI. Patches v1.51.1 Workarounds Change the log level to warn or error...

6CVSS5.8AI score0.00166EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32969

Name of the Vulnerable Software and Affected Versions SpiceDB versions 1.49.0 through 1.51.0 Description When the system starts with the log level set to info, the startup 'configuration' log exposes the full datastore DSN, including the plaintext password, within the DatastoreConfig.URI variable...

6CVSS5.9AI score0.00166EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.5 views

CVE-2026-35556

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS5.8AI score0.00297EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 12:31 p.m.5 views

EUVD-2021-34779

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 9:22 a.m.2 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS5.9AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 9:22 a.m.32 views

CVE-2021-47961

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combin...

8.1CVSS0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 9:31 p.m.3 views

EUVD-2026-21041

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS5.9AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 7:16 p.m.6 views

CVE-2026-35556

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS0.00297EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/09 6:57 p.m.19 views

CVE-2026-35556 Plaintext storage of a password in OpenPLC_V3

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS0.00297EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 6:57 p.m.2 views

CVE-2026-35556 Plaintext storage of a password in OpenPLC_V3

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS5.8AI score0.00297EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 6:57 p.m.14 views

CVE-2026-35556

CVE-2026-35556 affects OpenPLC_V3 and describes a Plaintext Storage of a Password vulnerability. The root issue is that credentials can be stored in plaintext, enabling an attacker to retrieve credentials and access sensitive information. The provided metrics indicate a high impact on confidentia...

9.2CVSS5.9AI score0.00297EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:57 p.m.4 views

CVE-2026-35556

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS5.9AI score0.00297EPSS
Exploits0References2
PyPA
PyPA
added 2026/04/09 4:16 p.m.53 views

PYSEC-2026-135

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs...

8.1CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.9 views

PT-2026-31694

Name of the Vulnerable Software and Affected Versions OpenPLC V3 affected versions not specified Description OpenPLC V3 is susceptible to a flaw involving the storage of passwords in plaintext. This could allow an attacker to obtain credentials and access sensitive information. Recommendations At...

9.2CVSS5.8AI score0.00297EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.6 views

CVE-2026-34833

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

8.7CVSS5.8AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 8:16 p.m.5 views

CVE-2026-34833

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

8.7CVSS0.0017EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 7:11 p.m.2 views

CVE-2026-34833 Bulwark Webmail: Information Exposure: password returned in /api/auth/session

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

8.7CVSS5.8AI score0.0017EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/02 7:11 p.m.5 views

EUVD-2026-18530

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

8.7CVSS5.8AI score0.0017EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 7:11 p.m.3 views

CVE-2026-34833

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

8.7CVSS5.8AI score0.0017EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 7:11 p.m.23 views

CVE-2026-34833 Bulwark Webmail: Information Exposure: password returned in /api/auth/session

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

8.7CVSS0.0017EPSS
Exploits0References2
Rows per page
Query Builder