High
CVSS: 8.8
When a user logs in via the SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within the HTTP response body. As a result, it has a high impact…
High
CVSS: 8.8
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
Critical
CVSS: 9.4
Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint. Only instances using private hel…
Medium
CVSS: 5.1
api is a module for FreePBX®, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple sys…
Critical
CVSS: 9.3
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The ONEDAY user cannot be deleted or modified by any user.
Critical
CVSS: 9.2
E3 Site Supervisor Control (firmware version < 2.31F01) generates the root Linux password on each boot. An attacker can generate the root Linux password for a vulnerable device based on known or easily fetched parameters.
High
CVSS: 7.7
E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services.
Critical
CVSS: 9.8
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll
Critical
CVSS: 9.8
GenX_FX is an advanced AI trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthoriz…
Medium
CVSS: 4.8
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could al…
Medium
CVSS: 5.3
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
High
CVSS: 7.1
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The crea…
Medium
CVSS: 6.9
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.
High
CVSS: 7.2
Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.
Medium
CVSS: 6.5
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected us…
Medium
CVSS: 4.8
Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular us…
Critical
CVSS: 9.8
RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally comm…
High
CVSS: 8.7
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experienc…
Low
CVSS: 2.2
Mattermost versions 10.5.x
Medium
CVSS: 5.3
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.