Total
1251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7231 | 2 Openstack, Redhat | 4 Cinder, Nova, Trove and 1 more | 2025-04-12 | N/A |
| The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | ||||
| CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2025-04-11 | N/A |
| Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | ||||
| CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | ||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2025-04-11 | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | ||||
| CVE-2012-3025 | 1 Tridium | 1 Niagara Ax | 2025-04-11 | N/A |
| The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-5627 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2025-04-11 | N/A |
| Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. | ||||
| CVE-2012-3268 | 2 Hp, Huawei | 675 0150a129, 0150a12a, 0150a12b and 672 more | 2025-04-11 | N/A |
| Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. | ||||
| CVE-2022-47037 | 1 Siklu | 10 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 7 more | 2025-04-10 | 7.5 High |
| Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | ||||
| CVE-2024-51546 | 1 Abb | 41 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 38 more | 2025-04-10 | 7.5 High |
| Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2023-40510 | 1 Lg | 1 Simple Editor | 2025-04-10 | 7.5 High |
| LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getServerSetting method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20012. | ||||
| CVE-2023-40511 | 1 Lg | 1 Simple Editor | 2025-04-10 | 7.5 High |
| LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the checkServer method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20013. | ||||
| CVE-2007-0681 | 1 Extcalendar Project | 1 Extcalendar | 2025-04-09 | 9.8 Critical |
| profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | ||||
| CVE-2023-50436 | 1 Couchbase | 1 Couchbase Server | 2025-04-08 | 5.3 Medium |
| An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5. | ||||
| CVE-2021-36204 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2025-04-07 | 7.8 High |
| Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text. | ||||
| CVE-2022-41859 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2025-04-07 | 7.5 High |
| In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. | ||||
| CVE-2024-11703 | 1 Mozilla | 1 Firefox | 2025-04-05 | 5.7 Medium |
| On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. | ||||
| CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2025-04-03 | 9.8 Critical |
| admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | ||||
| CVE-2000-0944 | 1 Cgi | 1 Script Center News Update | 2025-04-03 | 9.8 Critical |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | ||||
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2025-04-03 | 8.4 High |
| Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | ||||
| CVE-2022-4693 | 1 Pickplugins | 1 User Verification | 2025-04-02 | 9.8 Critical |
| The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website. | ||||