| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118. |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration details. This allows any unauthenticated user to monitor real-time user interactions and gather internal infrastructure information. This vulnerability is fixed in 25.0.0. |
| admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. |
| Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password. |
| EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend. |
| EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend. |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. |
| The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials. |
| H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. |
| When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log. |
| STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. |
