Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.9 views

CVE-2021-33325

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the...

4.9CVSS6.5AI score0.00568EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-1214

Malware in sbrugna...

2.1CVSS6.4AI score0.00365EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-14249

Malware in sbrugna...

7.1CVSS6.9AI score0.0081EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-1468

Malware in sbrugna...

9.8CVSS9.2AI score0.01326EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-4407

Malware in sbrugna...

2.1CVSS6.4AI score0.00438EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-26885

Malware in sbrugna...

7.5CVSS7.5AI score0.04226EPSS
Exploits5References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2001-1384

Malware in sbrugna...

7.5CVSS6.4AI score0.01126EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-27846

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:9 a.m.7 views

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...

6.5CVSS7.4AI score0.00747EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.9 views

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

7.1CVSS7AI score0.00468EPSS
Exploits1References1
OSV
OSV
added 2025/03/03 7:55 p.m.5 views

GHSA-H8H6-7752-G28C Manifest Uses a One-Way Hash without a Salt

Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...

4.8CVSS5.3AI score0.00146EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/17 2:21 p.m.11 views

CVE-2023-1831 User password logged in audit logs

Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled ExperimentalAuditSettings section in config...

7.2CVSS6.9AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.5 views

PT-2022-27077 · Unknown · Simmeth Lieferantenmanager

Name of the Vulnerable Software and Affected Versions: Simmeth Lieferantenmanager versions prior to 5.6 Description: An issue in the design of the API allows a user to fetch arbitrary SQL tables, leaking all user passwords and MSSQL hashes via the "/DS/LM API/api/SelectionService/GetPaggedTab" AP...

6.5CVSS6.6AI score0.00747EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.9 views

PT-2022-6293 · Апекс-Вуз · Апекс-Вуз

Name of the Vulnerable Software and Affected Versions: Апекс-ВУЗ affected versions not specified Description: The issue is related to the password reset mechanism in the education automation system, which uses the SHA-1 encryption algorithm with insufficient strength. This could allow a remote...

5CVSS7AI score
Exploits0References1
EUVD
EUVD
added 2021/12/22 1:40 p.m.6 views

EUVD-2021-23339

ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users across USB drives sold under multiple brand names...

8.1CVSS8.1AI score0.13526EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/21 12:0 a.m.5 views

DoraCMS Encryption Problem Vulnerability

DoraCMS is based on Nodejs+eggjs+mongodb written a content management system . An encryption issue vulnerability exists in DoraCMS 2.1.1 and earlier versions. The vulnerability arises because the program does not use AES-CBC encryption with random salts or IVs, which makes user-encrypted password...

7.5CVSS6.5AI score0.00412EPSS
Exploits1References1
Prion
Prion
added 2019/12/19 5:15 p.m.24 views

Design/Logic Flaw

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

3.5CVSS5AI score0.00494EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/02/06 12:0 a.m.20 views

Mozilla Firefox < 62.0 Multiple Vulnerabilities

Binary data 700407.prm...

9.8CVSS6.5AI score0.03662EPSS
Exploits6References10
RedHat Linux
RedHat Linux
added 2012/02/06 6:16 p.m.30 views

Low: Red Hat Security Advisory: Red Hat Network Proxy spacewalk-backend security and bug fix update

Updated spacewalk-backend packages that fix one security issue are now available for Red Hat Network Proxy 5.4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

4.3CVSS5.8AI score0.01642EPSS
Exploits0References2
NVD
NVD
added 2008/09/22 6:34 p.m.11 views

CVE-2008-4165

admin/user/createuser.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the sslaccesslog file or the referer string...

4CVSS6.6AI score0.00973EPSS
Exploits0References4
Rows per page
Query Builder