CVE-2025-0760 Stored Credential Disclosure Vulnerability

A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption...

CVE-2025-0760

CVE-2025-0760 describes a credential disclosure in Tenable Identity Exposure prior to version 3.77.9. The root cause is lack of encryption for stored SMTP credentials, allowing an administrator to extract them. The CVSS v3.1 base metrics indicate a Low impact (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)...

Dotnetnuke 6.0.x < 9.11.0 Multiple Vulnerabilities (09.11.00)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 9.11.0. It is, therefore, affected by multiple vulnerabilities. - A third-party dependency, Moment.js, published security updates to their library. Fixes for the Issue DNN Platfor...

Updated git packages fix security vulnerability

Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server CvE-2020-111008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...

Google Apps Directory Sync < 3.1.6 Weak Stored Credential Local Disclosure

The version of Google Apps Directory Sync installed on the remote host is earlier than 3.1.6 and is, therefore, affected by a weak stored credential local disclosure vulnerability. An issue exists in the way 'PBEwithMD5andDES' Java encryption algorithm is implemented, allowing a local attacker to...