77 matches found
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
PT-2026-48215
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-29964
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting XSS vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output...
EUVD-2023-48153
Malicious code in bioql PyPI...
EUVD-2023-59418
Malicious code in bioql PyPI...
EUVD-2024-46656
Malicious code in bioql PyPI...
EUVD-2023-31529
Malicious code in bioql PyPI...
EUVD-2024-48631
Malicious code in bioql PyPI...
EUVD-2024-20989
Malicious code in bioql PyPI...
CVE-2025-11155
CVE-2025-11155 describes weak encoding for device password: credentials are sent in base64 inside HTTP headers, which is not encryption, allowing an interceptor to obtain them during login. The CVSS vector indicates Adjacent attack vector, Low attack complexity, no privileges, and Active user int...
CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2023-27793
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information...
CVE-2020-18220
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...
CVE-2024-7755
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2022-3365 Emote Interactive Remote Mouse Server command injection due to weak encoding
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...
CVE-2024-7755
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...