29 matches found
Tenda firmware (multiple versions) contains hidden authentication backdoor
Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain ful...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
EUVD-2026-26410
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2025-22463
CVE-2025-22463 affects Ivanti Workspace Control prior to 10.19.10.0, due to a hard-coded key that enables a local authenticated attacker to decrypt stored credentials (SQL and environment passwords). Root cause: hard-coded cryptographic key in the product. Impact: unauthorized access to sensitive...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2019-19228
Fronius Solar Inverter devices before 3.14.1 HM 1.12.1 allow attackers to bypass authentication because the password for the today account is stored in the /tmp/webusers.conf file...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...
CVE-2025-2562
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...
RHEL 8 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows CVE-2020-6823 - If a user sav...
Pimcore 安全漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in Pimcore...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29043
Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
SOS JobScheduler 1.13.3 CVE-2020-12712 Stored Password Decryption
SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt. Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com...
SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit
Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13 Tested on: Windows and Linux CVE:...
SOS JobScheduler 1.13.3 - Stored Password Decryption
Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...
CVE-2020-6794
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master...
Default credentials
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master...
MGASA-2020-0091 Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents CVE-2020-6792. When processing an email message with an ill-formed envelope, Thunderbird could read data from a random...