74 matches found
CVE-2026-29964
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...
EUVD-2024-48631
Malicious code in bioql PyPI...
EUVD-2024-20989
Malicious code in bioql PyPI...
EUVD-2023-59418
Malicious code in bioql PyPI...
EUVD-2024-46656
Malicious code in bioql PyPI...
EUVD-2023-48153
Malicious code in bioql PyPI...
EUVD-2023-31529
Malicious code in bioql PyPI...
CVE-2025-11155
CVE-2025-11155 describes weak encoding for device password: credentials are sent in base64 inside HTTP headers, which is not encryption, allowing an interceptor to obtain them during login. The CVSS vector indicates Adjacent attack vector, Low attack complexity, no privileges, and Active user int...
CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2023-27793
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information...
CVE-2020-18220
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...
CVE-2024-7755
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2022-3365 Emote Interactive Remote Mouse Server command injection due to weak encoding
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...
CVE-2024-7755
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2024-7755
CVE-2024-7755 affects HMS HMS EWON FLEXY 202 gateway (Firmware Version 14.2s0). The root cause is transmission of credentials using a weak encoding (base64), allowing an attacker on the network to sniff and decode credentials. Impact is credential exposure with potential lateral movement or unsup...
HMS EWON FLEXY 202 安全漏洞
HMS EWON FLEXY 202 is a multi-purpose IIoT data gateway from HMS Sweden. Allows machine builders and users to monitor and collect important KPIs for analysis and predictive maintenance. A security vulnerability exists in HMS EWON FLEXY 202 version 14.2s0 that stems from the use of the weak encodi...
PT-2024-38563 · Unknown · Ewon Flexy 202
Name of the Vulnerable Software and Affected Versions: EWON FLEXY 202 affected versions not specified Description: The issue concerns the transmission of credentials using a weak encoding method, specifically base64. An attacker present in the network can intercept the traffic and decode the...