Total
1110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A | N/A |
| Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | |||||
| CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2025-04-11 | 7.8 HIGH | N/A |
| Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | |||||
| CVE-2012-3268 | 2 Hp, Huawei | 675 0150a129, 0150a12a, 0150a12b and 672 more | 2025-04-11 | 3.5 LOW | N/A |
| Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. | |||||
| CVE-2024-51546 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2025-04-10 | N/A | 7.5 HIGH |
| Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2023-40510 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 7.5 HIGH |
| LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getServerSetting method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20012. | |||||
| CVE-2023-40511 | 1 Lg | 1 Simple Editor | 2025-04-10 | N/A | 7.5 HIGH |
| LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the checkServer method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20013. | |||||
| CVE-2025-26628 | 2025-04-09 | N/A | 7.3 HIGH | ||
| Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally. | |||||
| CVE-2007-0681 | 1 Extcalendar Project | 1 Extcalendar | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | |||||
| CVE-2023-50436 | 1 Couchbase | 1 Couchbase Server | 2025-04-08 | N/A | 5.3 MEDIUM |
| An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5. | |||||
| CVE-2022-41859 | 1 Freeradius | 1 Freeradius | 2025-04-07 | N/A | 7.5 HIGH |
| In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. | |||||
| CVE-2024-11703 | 1 Mozilla | 1 Firefox | 2025-04-05 | N/A | 5.7 MEDIUM |
| On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. | |||||
| CVE-2020-29583 | 1 Zyxel | 60 Atp100, Atp100 Firmware, Atp100w and 57 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | |||||
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | 8.4 HIGH |
| Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | |||||
| CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | |||||
| CVE-2000-0944 | 1 Cgi | 1 Script Center News Update | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | |||||
| CVE-2022-4693 | 1 Pickplugins | 1 User Verification | 2025-04-02 | N/A | 9.8 CRITICAL |
| The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website. | |||||
| CVE-2022-46967 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2025-03-31 | N/A | 9.8 CRITICAL |
| An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. | |||||
| CVE-2023-35789 | 1 Rabbitmq-c Project | 1 Rabbitmq-c | 2025-03-30 | N/A | 5.5 MEDIUM |
| An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. | |||||
| CVE-2025-2908 | 2025-03-28 | N/A | N/A | ||
| The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files. | |||||