CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

594 matches found

Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

10CVSS6.1AI score0.91469EPSS

Exploits3References5

Positive Technologies•added 2026/05/18 12:0 a.m.•6 views

PT-2026-41659

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614...

6.5CVSS5.8AI score0.00036EPSS

Exploits0References2

CNNVD•added 2026/04/17 12:0 a.m.•2 views

Sparx Systems Sparx Pro Cloud Server 安全漏洞

Sparx Pro Cloud Server is a modeling and service platform developed by Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. There is a security vulnerability in Sparx Pro Cloud Server, which stems from the storage of local user passwords ...

9.3CVSS5.8AI score0.00022EPSS

Exploits0References1

Cisco•added 2026/04/01 4:0 p.m.•18 views

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An...

9.8CVSS6AI score0.00026EPSS

Exploits0References1

Positive Technologies•added 2026/01/28 12:0 a.m.•2 views

PT-2026-5175

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.9AI score0.00028EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 10:18 a.m.•4 views

CVE-2019-18615

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

4.9CVSS6.9AI score0.00101EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:7 a.m.•3 views

CVE-2019-20074

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page...

8.8CVSS7AI score0.00166EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:13 a.m.•5 views

CVE-2022-42284

NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure...

6.2CVSS6.7AI score0.00069EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:37 a.m.•5 views

CVE-2019-18337

A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access ...

9.8CVSS6.8AI score0.00074EPSS

Exploits0References1

CVE•added 2025/12/12 3:15 p.m.•8 views

CVE-2025-53960

Apache StreamPark (affected: 2.0.0–2.1.7) suffers from a vulnerability where JWTs are signed using the user’s password as the HMAC secret (HS256). This directly exposes passwords to offline brute-forcing via captured tokens and can allow forging of identity tokens if the password is known, potent...

5.9CVSS6.5AI score0.00061EPSS

Exploits0References2Affected Software1