CVE-2026-50205

CVE-2026-50205 describes a vulnerability where system log files output unencrypted SMTP server authentication passwords along with sensitive employee identifiers. The brief does not specify affected products, vendors, or versions. Impact is stated as high confidentiality exposure (log leakage of ...

OpenClaw: BlueBubbles beta plugin webhook auth hardening (remove passwordless fallback)

Summary BlueBubbles webhook auth in the optional beta iMessage plugin allowed a passwordless fallback path. In some reverse-proxy/local routing setups, this could allow unauthenticated webhook events. Affected Component and Scope - Component: extensions/bluebubbles webhook handler - Scope: only...

EUVD-2002-0199

Malware in sbrugna...

EUVD-2020-22074

Malware in sbrugna...

EUVD-2005-4878

Malware in sbrugna...

EUVD-2016-3378

Malware in sbrugna...

EUVD-2012-1531

Malware in sbrugna...

EUVD-2016-4132

Malware in sbrugna...

EUVD-2025-24241

Malicious code in bioql PyPI...

CVE-2025-40752

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configure...

CVE-2025-40752

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configure...

CVE-2025-40752

CVE-2025-40752 affects Siemens POWER METER SICAM Q100/Q200 (Q100 variants 2.60–2.61/2.60–2.61 for certain SKUs) and SICAM Q200 (2.70–2.79) where SMTP password is stored in cleartext. This allows an authenticated local attacker to read the SMTP credentials from the device configuration and abuse t...

PT-2025-32655 · Siemens · Sicam Q100 +1

Name of the Vulnerable Software and Affected Versions: POWER METER SICAM Q100 versions 2.60 through 2.61 POWER METER SICAM Q200 versions 2.70 through 2.79 Description: Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extra...

MICI NetFax Server 安全漏洞

MICI NetFax Server is a product suite from China's MICI Corporation MICI designed to receive fax messages to user mailboxes via e-mail traffic. A security vulnerability exists in MICI NetFax Server versions prior to 3.0.1.0, which originates from the possibility that an authenticated user could...

CVE-2024-10403

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave...

CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's...

CVE-2020-2291

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2020-2274

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2019-9867

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator...

CVE-2025-2265 Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...