High
CVSS: 8.6
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The configuration files (e.g., zebra.conf, bgpd.co…
Medium
CVSS: 6.0
In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear…
Medium
CVSS: 4.6
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. Use…
Unknown
CVSS: -
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth…
Medium
CVSS: 6.9
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Medium
CVSS: 6.9
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Medium
CVSS: 6.9
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Medium
CVSS: 6.9
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Medium
CVSS: 6.9
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Medium
CVSS: 6.9
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
Low
CVSS: 3.8
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users.
Medium
CVSS: 5.7
The web management interface of the device renders the passwords in a
plaintext input field. The current password is directly visible to
anyone with access to the UI, potentially exposing administrator
credentials to unauthorized observa…
Medium
CVSS: 6.9
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include `https://api.telegram.org/bot/...`). Prior to version 2026.2.15, OpenClaw logged these strings wi…
High
CVSS: 7.0
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu…
Low
CVSS: 2.4
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to ex…
High
CVSS: 8.7
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi net…
Low
CVSS: 3.7
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increas…
Medium
CVSS: 6.5
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a speciall…
High
CVSS: 7.1
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/…
Low
CVSS: 2.1
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account secur…