Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unc…

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. T…

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache al…

Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and d…

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity be…

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's managem…

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose s…

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vu…

Apache Superset up to and including 1.3.2 allowed for registered database connections password …

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords,…

SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializ…

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is n…

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By…

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassin…

Grand MA 300 allows a brute-force attack on the PIN.

UPSMON PRO configuration file stores user password in plaintext under public user directory. A …

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3…

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private c…

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authen…

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sn…

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc2…

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently prot…

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMP…

RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derive…

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated …

General Electric D20ME devices are not properly configured and reveal plaintext passwords.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can mo…

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded c…

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or Use…

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions…

The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMe…

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 m…

A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corres…

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Se…

Status2k does not remove the install directory allowing credential reset.

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to…