Total
1251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3082 | 1 Proges | 3 Sensor Net Connect, Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-09-30 | 4.2 Medium |
| A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security measures at other layers (e.g., full-disk encryption) have been enabled. | ||||
| CVE-2024-40703 | 1 Ibm | 2 Cognos Analytics, Cognos Analytics Reports | 2024-09-27 | 5.5 Medium |
| IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. | ||||
| CVE-2024-44815 | 2 Hathway, Skyworthdigital | 3 Skyworth Cm5100-511, Skyworth Cm5100-511 Firmware, Cm5100 Firmware | 2024-09-25 | 8 High |
| Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | ||||
| CVE-2024-47162 | 1 Jetbrains | 1 Youtrack | 2024-09-24 | 4.1 Medium |
| In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | ||||
| CVE-2024-8777 | 1 Syscomgo | 1 Omflow | 2024-09-20 | 7.5 High |
| OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials. | ||||
| CVE-2024-8986 | 2024-09-20 | 5.5 Medium | ||
| The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials. | ||||
| CVE-2024-28981 | 2024-09-12 | 8.5 High | ||
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | ||||
| CVE-2024-39818 | 1 Zoom | 6 Rooms, Vdi Windows Meeting Client, Workplace and 3 more | 2024-09-11 | 7.5 High |
| Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | ||||
| CVE-2024-6118 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | 9.1 Critical |
| A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | ||||
| CVE-2024-7813 | 2 Prison Management System Project, Sourcecodester | 2 Prison Management System, Prison Management System | 2024-08-19 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-40704 | 1 Ibm | 1 Infosphere Information Server | 2024-08-15 | 4.9 Medium |
| IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. | ||||