17 matches found
CVE-2025-67034
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges...
EUVD-2018-0712
Malware in sbrugna...
EUVD-2024-2350
Malicious code in bioql PyPI...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
PT-2024-13897 · Ibm · Ibm Cics Transaction Gateway For Multiplatforms
Name of the Vulnerable Software and Affected Versions: IBM CICS Transaction Gateway for Multiplatforms versions 9.2 through 9.3 Description: The issue concerns the transmission and storage of authentication credentials by the software, which uses an insecure method. This makes the credentials...
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6833 Zowe CLI Auto-Init Leaks Credentials Locally
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6833
CVE-2024-6833 affects Zowe CLI. A local, privileged attacker can exploit an auto-init operation to cause credentials entered by a user to be written to a plaintext file, exposing sensitive information. The vulnerability is described as a credentials exposure via insecure storage in the auto-init ...
PT-2024-22903 · Unknown · Ros2 Humble Hawksbill
Name of the Vulnerable Software and Affected Versions: ROS2 Humble Hawksbill version 2 Description: An issue was discovered in the default configurations of ROS2 Humble Hawksbill, allowing unauthenticated attackers to gain access using default credentials. Recommendations: For ROS2 Humble Hawksbi...
CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)
Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer...
UBUNTU-CVE-2022-24809
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
New Relic: Secure credentials values disclosure to regular users due to access control issue in monitor creating function
@skavans discovered a test endpoint for Synthetics monitors that did not properly validate the permissions of the user making the request. This could allow lesser privileged users on the same account to create monitors using Secure Credentials...
New Relic: Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values)
@skavans identified an endpoint for testing Synthetics monitors. Without proper validation, this could allow monitors from other accounts to run on your account with knowledge of the monitor's ID: POST /accounts//monitors/monitor/recheck.json?monitorId= HTTP/1.1 Host: synthetics.newrelic.com...
CloudBees Jenkins SSH Credentials Plugin Arbitrary File Read Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and some timed tasks. SSH Credentials Plugin is a Jenkins plugin used to store SSH credentials. An...
NetIQ Privileged User Manager Detection
The remote host is running NetIQ Privileged User Manager. NetIQ Privileged User Manager is an application for securely storing credentials for privileged user accounts and delegating access to network hosts and devices. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...