Flock Safety Gunshot Detection security vulnerability
Flock Safety Gunshot Detection is a gunshot detection system from Flock Safety USA. A security vulnerability exists in Flock Safety Gunshot Detection versions prior to 1.3, which stems from the explicit storage of code...
CVE-2025-47010 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-32122
A storing passwords in a recoverable format vulnerability in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, and FortiOS 6.4 all versions allows an attacker to cause information disclosure via modification of the LDAP server IP to point to a malicious server...
Netis Systems WF-2404 security vulnerability
The Netis Systems WF-2404 is a wireless router from Netis Systems. A security vulnerability exists in the Netis Systems WF-2404 version 1.1.124EN, which stems from the explicit storage of sensitive information that requires physical device access...
CVE-2021-22509
NetIQ Advance Authentication contains an information disclosure vulnerability (CVE-2021-22509) affecting versions prior to 6.3.5.1. The issue stems from storing and reusing sensitive data in the authentication process, which can lead to leakage to unauthorized users. Impact is described as inform...
CVE-2024-41689 Hard-coded Credentials Vulnerability
This vulnerability exists in the SyroTech SY-GPON-1110-WDONT Router due to unencrypted storage of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext WP...
CVE-2024-6833 Zowe CLI Auto-Init Leaks Credentials Locally
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities (CVE-2023-35006, CVE-2023-33859, CVE-2023-33860, CVE-2023-35008)
Summary: IBM Security QRadar EDR Software is vulnerable to link injection and could also allow an attacker to embed links (URLs) to an external site or to different pages. Sensitive information could also be disclosed due to an observable login response discrepancy and web pages could be stored...
CVE-2024-39846
NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...
Johnson Controls Illustra Essentials Gen 4 (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 6.8; ATTENTION: Exploitable remotely; Vendor: Johnson Controls, Inc.; Equipment: Illustra Essentials Gen 4; Vulnerability: Storing Passwords in a Recoverable Format. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an authenticated...
Unitronics Vision Legacy series (Update A)
1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Unitronics; Equipment: Vision Legacy series; Vulnerability: Storing Passwords in a Recoverable Format. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker...
[SECURITY] Fedora 40 Update: icedtea-web-1.8.8-5.fc40
The IcedTea-Web project provides a free software implementation of Java Web Start, originally based on the NetX project. IcedTea's NetX currently supports verification of signed jars, trusted certificate storing, system certificate store checking, and provides the services specified by the jnlp...
CVE-2023-45696 HCL Sametime is impacted by an autocomplete enabled vulnerability
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user-entered data to be stored by the browser...
This Free Discovery Tool Finds and Mitigates AI-SaaS Risks
Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS...
CVE-2023-45998
kodbox 1.44 is vulnerable to Cross-Site Scripting (XSS). Customizing global HTML results in stored XSS...
Path traversal
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructe...
Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...
Design/Logic Flaw
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...
CVE-2023-31150
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details...