Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unc…

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. T…

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache al…

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity be…

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's managem…

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose s…

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid lo…

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vu…

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,…

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protectio…

SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializ…

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is n…

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By…

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Grand MA 300 allows a brute-force attack on the PIN.

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress …

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private c…

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when …

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet…

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet…

ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attack…

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet…

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions…

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMe…

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA…

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows att…

A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code…

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a se…

Status2k does not remove the install directory allowing credential reset.

An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before …

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices…

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attack…

CGI Script Center News Update 1.1 does not properly validate the original news administration p…

A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-f…

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701…

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attack…