CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,274 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,555 researchers
1,290 results
CVE-2022-47561 7.3 HIGH EPSS 0.00
Web Application - Info Disclosure
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
CWE-522 Sep 20, 2023
CVE-2023-25532 6.5 MEDIUM EPSS 0.00
Nvidia Dgx H100 Firmware - Insufficiently Protected Credentials
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.
CWE-522 Sep 20, 2023
CVE-2023-25531 7.6 HIGH EPSS 0.00
Nvidia Dgx H100 Firmware - Insufficiently Protected Credentials
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.
CWE-522 Sep 20, 2023
CVE-2023-41010 5.5 MEDIUM EPSS 0.00
China Telecom Tianyi Home Gateway v.TEWA-700G - Info Disclosure
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter.
CWE-522 Sep 14, 2023
CVE-2023-32338 5.1 MEDIUM EPSS 0.00
IBM Sterling External Authentication ... - Insufficiently Protected Credentials
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 store user credentials in plain clear text, which can be read by a local user with container access. IBM X-Force ID: 255585.
CWE-522 Sep 05, 2023
CVE-2023-3251 4.1 MEDIUM EPSS 0.00
Tenable Nessus < 10.6.0 - Insufficiently Protected Credentials
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0.
CWE-522 Aug 29, 2023
CVE-2022-45611 9.8 CRITICAL EPSS 0.00
Fresenius-kabi Pharmahelp Firmware - Insufficiently Protected Crede...
An issue discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via capture of user login information.
CWE-522 Aug 22, 2023
CVE-2023-40173 7.5 HIGH 1 Writeup EPSS 0.00
Fobybus Social-media-skeleton - Insufficiently Protected Credentials
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.
CWE-522 Aug 18, 2023
CVE-2023-31492 6.5 MEDIUM 1 Writeup EPSS 0.00
Zoho ManageEngine ADManager Plus <7182 - Info Disclosure
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
CWE-522 Aug 17, 2023
CVE-2023-40347 6.5 MEDIUM EPSS 0.00
Jenkins Maven Artifact Choicelistprov... - Insufficiently Protected Credentials
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
CWE-522 Aug 16, 2023
CVE-2023-40345 6.5 MEDIUM EPSS 0.00
Jenkins Delphix < 3.0.2 - Insufficiently Protected Credentials
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
CWE-522 Aug 16, 2023
CVE-2023-4328 5.5 MEDIUM EPSS 0.00
Broadcom RAID Controller - Info Disclosure
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows
CWE-522 Aug 15, 2023
CVE-2023-4327 5.5 MEDIUM EPSS 0.00
Broadcom RAID Controller - Info Disclosure
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CWE-522 Aug 15, 2023
CVE-2023-20965 9.8 CRITICAL EPSS 0.01
Google Android - Insufficiently Protected Credentials
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE-522 Aug 14, 2023
CVE-2023-36082 9.8 CRITICAL EPSS 0.00
GatesAIr Flexiva FM Transmitter/Exiter Fax 150W - Privilege Escalation
An issue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.
CWE-522 Aug 03, 2023
CVE-2022-4926 6.5 MEDIUM EPSS 0.00
Google Chrome < 109.0.5414.119 - Insufficiently Protected Credentials
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
CWE-522 Jul 29, 2023
CVE-2023-35067 7.5 HIGH EPSS 0.00
Infodrom Software E-Invoice Approval System <v.20230701 - Info Disc...
Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701.
CWE-522 Jul 25, 2023
CVE-2023-37362 7.2 HIGH EPSS 0.00
Weintek Weincloud - Insufficiently Protected Credentials
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.
CWE-522 Jul 19, 2023
CVE-2023-31824 7.5 HIGH EPSS 0.00
DERICIA Co. Ltd, DELICIA <v.13.6.1 - Info Disclosure
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
CWE-522 Jul 13, 2023
CVE-2023-34128 9.8 CRITICAL EPSS 0.00
SonicWall GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Info Disclosure
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CWE-260 Jul 13, 2023