CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage Redis or disk, but it would allow a malicious process that gains access to t...

7.5CVSS6.8AI score0.0074EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 12:39 p.m.•4 views

CVE-2010-5092

The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database...

1.9CVSS6.1AI score0.00064EPSS

Exploits0References1

NVD•added 2025/03/13 5:15 p.m.•7 views

CVE-2025-2265

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

7.8CVSS0.00064EPSS

Exploits0References1

Cvelist•added 2024/06/17 3:7 a.m.•12 views

CVE-2024-5163 Improper permission settings in com.transsion.carlcare

Improper permission settings for mobile applications com.transsion.carlcare may lead to user password and account security risks...

0.00168EPSS

Exploits0References2

CVE•added 2024/06/17 3:7 a.m.•50 views

CVE-2024-5163

CVE-2024-5163 affects the com.transsion.carlcare mobile app. Root cause: improper permission settings in the app, which may expose user passwords and compromise account security. CVSS v3.1 base score 9.8 (CRITICAL) with Network attack vector, no user interaction required, and high impacts to conf...

9.8CVSS9.6AI score0.00168EPSS

Exploits0References3

Positive Technologies•added 2022/09/23 12:0 a.m.•3 views

PT-2022-14472 · Grandstream · Grandstream Gsd3710

Name of the Vulnerable Software and Affected Versions: Grandstream GSD3710 version 1.0.11.13 Description: The issue allows an attacker with knowledge of user and password to overflow the stack, as it does not check the parameter length before using the strcopy instruction. This could lead to an...

9.8CVSS9.6AI score0.11321EPSS

Exploits1References4

0day.today•added 2005/07/11 12:0 a.m.•37 views

BlogTorrent <= 0.92 Remote Password Disclosure Exploit

Exploit for unknown platform in category web applications ====================================================== BlogTorrent 14ae696abdca1688dd577fe486c3981f331457b0d7 Password crypt in md5 - d7b82821fe725305bded2fab9e91ed1e0e6fd93bee LazyCrsATGMailDOTcom - pjphemATmyboxDOTit FREE RAFA! FREE RAFA...

7.1AI score

Exploits0