34 matches found
PT-2026-44770
Name of the Vulnerable Software and Affected Versions: Acer device firmware (affected versions not specified). Description: The acer cgi.log file in the device firmware is accessible without authentication through the web interface. This file stores login credentials for web and Telnet in cleartext,...
EUVD-2026-32929
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...
CVE-2026-41506
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....
CVE-2020-37026
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...
CVE-2020-37026 Sickbeard 0.1 - Cross-Site Request Forgery
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...
CVE-2020-37026
Sickbeard alpha is affected by CVE-2020-37026: a cross-site request forgery that enables an attacker to disable authentication by submitting crafted configuration parameters. This can trick a user into submitting a malicious form that clears the web username and password, effectively removing aut...
PT-2026-5468
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication...
CVE-2025-45378
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials...
EUVD-2025-37896
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials...
Squid < 7.2 Information Disclosure (SQUID-2025:2)
The version of Squid on the remote host is prior to 7.2. It is, therefore, affected by an information disclosure vulnerability: - Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information...
Gmail breach panic? It’s a misunderstanding, not a hack
After a misinterpretation of an interview with a security researcher, several media outlets hinted at a major Gmail breach. Reporters claimed the incident took place in April. In reality, the researcher had said there was an enormous amount of Gmail usernames and passwords circulating on the dark...
UBUNTU-CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
EUVD-2025-34894
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
CVE-2013-2560
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials...
Phishing evolves beyond email to become latest Android app threat
There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest...
PT-2023-30321 · Unknown +1 · Clickhouse
Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 23.10.2.13-stable; ClickHouse versions prior to 23.9.4.11-stable; ClickHouse versions prior to 23.8.6.16-lts; ClickHouse versions prior to 23.3.16.7-lts. Description: A heap buffer overflow issue was discovered in the...
SUSE CVE-2015-3754
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...