Lucene search
K

29 matches found

CERT
CERT
added 2026/07/06 12:0 a.m.7 views

Tenda firmware (multiple versions) contains hidden authentication backdoor

Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain ful...

9.8CVSS6.1AI score0.00668EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.4AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 7:16 p.m.7 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 6:23 p.m.13 views

EUVD-2026-26410

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.3AI score0.00241EPSS
Exploits0References2
CVE
CVE
added 2025/06/10 2:39 p.m.65 views

CVE-2025-22463

CVE-2025-22463 affects Ivanti Workspace Control prior to 10.19.10.0, due to a hard-coded key that enables a local authenticated attacker to decrypt stored credentials (SQL and environment passwords). Root cause: hard-coded cryptographic key in the product. Impact: unauthorized access to sensitive...

7.3CVSS7AI score0.00352EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 10:44 p.m.9 views

CVE-2022-29043

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00798EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.6 views

CVE-2019-19228

Fronius Solar Inverter devices before 3.14.1 HM 1.12.1 allow attackers to bypass authentication because the password for the today account is stored in the /tmp/webusers.conf file...

9.8CVSS7.2AI score0.01898EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.6 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...

4.4CVSS6.2AI score0.00207EPSS
Exploits0References3
OSV
OSV
added 2025/03/26 6:15 p.m.4 views

CVE-2025-2562

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...

5.4CVSS5.7AI score0.00386EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.33 views

RHEL 8 : mozilla (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows CVE-2020-6823 - If a user sav...

6.9AI score0.01612EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.21 views

Pimcore 安全漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in Pimcore...

6.7CVSS6AI score0.00547EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.3 views

CVE-2022-29043

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.1AI score0.00798EPSS
Exploits0References2
Prion
Prion
added 2022/04/12 8:15 p.m.23 views

Cross site scripting

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

3.5CVSS5.2AI score0.00798EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/04/12 7:50 p.m.60 views

CVE-2022-29043

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS2.7AI score0.00798EPSS
Exploits0References1
0daydb
0daydb
added 2020/06/18 1:30 a.m.274 views

SOS JobScheduler 1.13.3 CVE-2020-12712 Stored Password Decryption

SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt. Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com...

6.5CVSS7.2AI score0.26546EPSS
Exploits13
0day.today
0day.today
added 2020/06/16 12:0 a.m.152 views

SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13 Tested on: Windows and Linux CVE:...

7.5CVSS7.4AI score0.07842EPSS
Exploits6
Exploit DB
Exploit DB
added 2020/06/15 12:0 a.m.675 views

SOS JobScheduler 1.13.3 - Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

7.5CVSS7.4AI score0.07842EPSS
Exploits6
UbuntuCve
UbuntuCve
added 2020/03/02 5:15 a.m.35 views

CVE-2020-6794

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master...

6.5CVSS6.8AI score0.00991EPSS
Exploits1References4
Prion
Prion
added 2020/03/02 5:15 a.m.19 views

Default credentials

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master...

4.3CVSS6.8AI score0.00991EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2020/02/18 2:5 p.m.11 views

MGASA-2020-0091 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents CVE-2020-6792. When processing an email message with an ill-formed envelope, Thunderbird could read data from a random...

8.8CVSS7.9AI score0.02274EPSS
Exploits1References4
Rows per page
Query Builder