Export limit exceeded: 366908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1425 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27774 6 Brocade, Debian, Haxx and 3 more 18 Fabric Operating System, Debian Linux, Curl and 15 more 2026-04-16 5.7 Medium
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
CVE-2026-27770 1 Epower 1 Epower.ie 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-28714 3 Acronis, Linux, Microsoft 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more 2026-04-16 N/A
Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-27027 1 Everon 1 Api.everon.io 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20733 1 Cloudcharge 1 Cloudcharge.se 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20435 6 Google, Linuxfoundation, Mediatek and 3 more 40 Android, Yocto, Mt2737 and 37 more 2026-04-16 4.6 Medium
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
CVE-2026-27777 1 Mobiliti 1 E-mobi.hu 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-35185 2 Haxtheweb, Psu 2 Hax, Haxiam 2026-04-16 7.5 High
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration details. This allows any unauthenticated user to monitor real-time user interactions and gather internal infrastructure information. This vulnerability is fixed in 25.0.0.
CVE-2000-0944 1 Cgi 1 Script Center News Update 2026-04-16 9.8 Critical
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
CVE-1999-0013 1 Ssh 1 Ssh 2026-04-16 8.4 High
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
CVE-2005-3435 1 Archilles 1 Newsworld 2026-04-16 9.8 Critical
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
CVE-2026-25774 2 Ev.energy, Ev Energy 2 Ev.energy, Ev.energy 2026-04-15 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2024-12799 2026-04-15 N/A
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.
CVE-2025-54876 1 Jansson Project 1 Jansson 2026-04-15 N/A
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.
CVE-2025-3079 2026-04-15 8.7 High
A passback vulnerability which relates to office/small office multifunction printers and laser printers.
CVE-2025-3078 2026-04-15 8.7 High
A passback vulnerability which relates to production printers and office multifunction printers.
CVE-2025-32963 2026-04-15 N/A
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0.
CVE-2025-34062 2026-04-15 N/A
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration.
CVE-2025-34139 1 Sitecore 4 Experience Commerce, Experience Manager, Experience Platform and 1 more 2026-04-15 N/A
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.
CVE-2025-0760 2026-04-15 2.7 Low
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.