Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unc…

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. T…

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache al…

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity be…

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's managem…

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose s…

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vu…

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,…

SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializ…

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is n…

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By…

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

Grand MA 300 allows a brute-force attack on the PIN.

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private c…

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can mo…

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions…

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMe…

Status2k does not remove the install directory allowing credential reset.

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices…

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attack…

CGI Script Center News Update 1.1 does not properly validate the original news administration p…

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701…

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker t…

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the dev…

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arb…

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as…

Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private R…

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext passwor…

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulne…

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level para…

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.…

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in …

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with f…

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS…

An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key e…

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remot…

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does…