Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4258 | 2024-08-03 | N/A | 7.5 HIGH | ||
| ** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack. | |||||
| CVE-2022-47560 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-08-03 | N/A | 6.5 MEDIUM |
| The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in. | |||||
| CVE-2023-35833 | 1 Ysoft | 1 Safeq Server | 2024-08-02 | N/A | 6.5 MEDIUM |
| An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. | |||||
| CVE-2024-5631 | 2024-08-01 | N/A | N/A | ||
| Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the video stream. The credentials are being sent when a user decides to change his password in router's portal. | |||||
| CVE-2024-41262 | 2024-08-01 | N/A | 7.4 HIGH | ||
| mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack. | |||||
| CVE-2024-28275 | 2024-08-01 | N/A | 6.5 MEDIUM | ||
| Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests. | |||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2024-07-26 | N/A | 6.5 MEDIUM |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | |||||
| CVE-2024-41124 | 2024-07-22 | N/A | 6.3 MEDIUM | ||
| Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability. | |||||
| CVE-2024-35060 | 2024-07-17 | N/A | 7.5 HIGH | ||
| An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. | |||||
| CVE-2024-35059 | 2024-07-17 | N/A | 7.5 HIGH | ||
| An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. | |||||
| CVE-2024-35058 | 2024-07-17 | N/A | 7.5 HIGH | ||
| An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. | |||||
| CVE-2024-35057 | 2024-07-17 | N/A | 7.5 HIGH | ||
| An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2024-27166 | 2024-07-04 | N/A | 7.4 HIGH | ||
| Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27163 | 2024-07-04 | N/A | 6.5 MEDIUM | ||
| Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-37393 | 1 Securenvoy | 1 Multi-factor Authentication Solutions | 2024-07-03 | N/A | 7.5 HIGH |
| Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | |||||
| CVE-2024-37183 | 2024-06-21 | N/A | 5.7 MEDIUM | ||
| Plain text credentials and session ID can be captured with a network sniffer. | |||||
| CVE-2024-30209 | 2024-06-11 | N/A | 9.6 CRITICAL | ||
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM). | |||||
| CVE-2024-21406 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2024-05-29 | N/A | 7.5 HIGH |
| Windows Printing Service Spoofing Vulnerability | |||||
| CVE-2024-0056 | 1 Microsoft | 19 .net, .net Framework, Microsoft.data.sqlclient and 16 more | 2024-05-29 | N/A | 8.7 HIGH |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | |||||
| CVE-2023-5461 | 1 Deltaww | 1 Wplsoft | 2024-05-17 | 2.6 LOW | 5.9 MEDIUM |
| A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||