8354 matches found

Cvelist
added 5 days ago, 36 views

CVE-2026-13437

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...

0.00255 EPSS
Exploits: 0, References: 1
CVE
added 5 days ago, 14 views

CVE-2026-13437

CVE-2026-13437 affects Devolutions PowerShell Universal 2026.2.0. An attacker with AI Agent read access can exploit the AI Agent job API to receive App Tokens serialized in plaintext within API responses, enabling retrieval of reusable authentication tokens with potential higher privilege. The un...

6.5 CVSS, 5.8 AI score, 0.00255 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 5 days ago, 5 views

PYSEC-2026-574 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

Summary The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9 CVSS, 6 AI score, 0.00371 EPSS
Exploits: 0, References: 5
Positive Technologies
added 5 days ago, 10 views

PT-2026-53303

Name of the Vulnerable Software and Affected Versions Devolutions PowerShell Universal version 2026.2.0 Description An information disclosure issue exists in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable, potentially higher-privileged authentication...

6.5 CVSS, 5.8 AI score, 0.00255 EPSS
Exploits: 0, References: 4
Positive Technologies
added 5 days ago, 7 views

PT-2026-53313

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Sensitive information is inserted into log files in plaintext. This occurs when credentials, such as passwords, tokens, or private key material, are written to persistent local debug logs. An...

5.5 CVSS, 6 AI score, 0.00108 EPSS
Exploits: 0, References: 6
NVD
added 2026/06/26 9:16 p.m., 9 views

CVE-2026-39031

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...

5.5 CVSS, 0.00089 EPSS
Exploits: 1, References: 2
NVD
added 2026/06/26 8:17 p.m., 7 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopulated continuously by an...

8.2 CVSS, 0.00129 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/26 6:57 p.m., 29 views

CVE-2026-52783 OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopulated continuously by an...

8.2 CVSS, 0.00129 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/26 6:57 p.m., 17 views

CVE-2026-52783

OpenProject stores OneDrive/SharePoint userless OAuth access_token in plaintext in Rails.cache within the Storages module prior to versions 17.3.3 and 17.4.1. None of the allowed backends (file_store, memcache, redis) encrypts data at rest. An attacker with read access to the cache can retrieve t...

8.2 CVSS, 5.6 AI score, 0.00129 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/26 12:0 a.m., 22 views

CVE-2026-39031

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...

0.00089 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/06/26 12:0 a.m., 10 views

PT-2026-52914

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage.<id>.httpx...

8.2 CVSS, 5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 3
NVD
added 2026/06/25 6:16 p.m., 7 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5 CVSS, 0.00114 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/25 4:53 p.m., 5 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/06/25 4:53 p.m., 5 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/25 4:53 p.m., 17 views

CVE-2026-55967

CVE-2026-55967 covers AES-GCM streaming APIs that fail to reject extremely large cumulative single messages (>64 GiB), allowing counter wrap and keystream reuse and enabling plaintext recovery. Public documents reference the same issue across multiple OS advisories (Ubuntu, Debian, Debian-deri...

7.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/06/25 12:0 a.m., 9 views

PT-2026-52655

Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description Passwords are stored in plaintext in the users.password column when a user's password is updated. This occurs because the User model only triggers password hashing during the before insert even...

4.9 CVSS, 5.8 AI score
Exploits: 0, References: 5
CVE
added 2026/06/24 4:28 p.m., 9 views

CVE-2026-52956

The CVE-2026-52956 issue affects the Linux kernel’s libceph code, specifically __ceph_x_decrypt(), where a buffer region can be misinterpreted as a ceph_x_encrypt_header and hdr->magic accessed without ensuring sufficient plaintext size. This can trigger an out-of-bounds memory access when cip...

7.5 CVSS, 5.9 AI score, 0.00359 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/23 9:16 p.m., 10 views

CVE-2026-47379

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9 CVSS, 0.00253 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/23 9:16 p.m., 7 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6 CVSS, 0.0037 EPSS
Exploits: 0, References: 7
CVE
added 2026/06/23 8:17 p.m., 20 views

CVE-2026-47379

CVE-2026-47379 – NocoDB: The shared-view password check used a strict-equality comparison for legacy plaintext passwords, leaking the password length and per-character prefix via response timing. The bcrypt branch was unaffected; the vulnerability lies in the legacy comparison path in the shared...

6.9 CVSS, 5.9 AI score, 0.00253 EPSS
Exploits: 0, References: 1