CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked | 53,242 with exploits | 4,725 exploited in wild | 1,540 CISA KEV | 3,918 Nuclei templates | 37,802 vendors | 42,493 researchers
1,290 results
CVE-2026-25631 6.5 MEDIUM EPSS 0.00
NPM N8n < 1.121.0 - Improper Input Validation
n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This might only affect users who have credentials that use wildcard domain patterns (e.g., *.example.com) in the "Allowed domains" setting. This issue is fixed in version 1.121.0 and later.
CWE-20 Feb 06, 2026
CVE-2026-0715 6.8 MEDIUM EPSS 0.00
Moxa Arm-based - Info Disclosure
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.
CWE-522 Feb 05, 2026
CVE-2026-1966 EPSS 0.00
YugabyteDB Anywhere - Info Disclosure
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.
CWE-522 Feb 05, 2026
CVE-2020-37097 7.5 HIGH 1 PoC Analysis EPSS 0.00
Edimax EW-7438RPn <1.13 - Info Disclosure
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables.
CWE-522 Feb 03, 2026
CVE-2025-52623 3.7 LOW EPSS 0.00
Hcltech Aion - Insufficiently Protected Credentials
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.
CWE-522 Feb 03, 2026
CVE-2026-24845 6.5 MEDIUM 1 Writeup EPSS 0.00
Chainguard-dev Malcontent - Insufficiently Protected Credentials
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a `WWW-Authenticate` header redirecting token authentication to an attacker-controlled endpoint, causing credentials to be sent to that endpoint. Version 1.20.3 fixes the issue by defaulting to anonymous auth for OCI pulls.
CWE-522 Jan 29, 2026
CVE-2020-36968 6.5 MEDIUM 1 PoC Analysis EPSS 0.00
M/Monit 3.7.4 - Auth Bypass
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
CWE-522 Jan 28, 2026
CVE-2025-9521 6.5 MEDIUM EPSS 0.00
Omada Controllers - Privilege Escalation
A Password Confirmation Bypass vulnerability in Omada Controllers allows an attacker with a valid session token to bypass secondary verification and change the user’s password without proper confirmation, leading to weakened account security.
CWE-522 Jan 26, 2026
CVE-2025-65098 7.4 HIGH EPSS 0.00
Typebot < 3.13.2 - Missing Authorization
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.
CWE-311 Jan 22, 2026
CVE-2026-23958 9.8 CRITICAL EPSS 0.00
Dataease <2.10.19 - Info Disclosure
Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints that verify JWT tokens. The vulnerability has been fixed in v2.10.19. No known workarounds are available.
CWE-522 Jan 22, 2026
CVE-2026-21852 7.5 HIGH 2 PoCs Analysis EPSS 0.00
Anthropic Claude Code < 2.0.65 - Insufficiently Protected Credentials
Claude Code is an agentic coding tool. Prior to version 2.0.65, a vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data, including Anthropic API keys, before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint; when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.
CWE-522 Jan 21, 2026
CVE-2025-58742 5.9 MEDIUM EPSS 0.00
Milner ImageDirector Capture <7.6.3.25808 - SSRF
Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808.
CWE-522 Jan 20, 2026
CVE-2025-58741 7.5 HIGH EPSS 0.00
Milner ImageDirector Capture <7.6.3.25808 - Info Disclosure
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.
CWE-522 Jan 20, 2026
CVE-2026-1223 4.9 MEDIUM EPSS 0.00
PrismX MX100 AP - Privilege Escalation
PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged, authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.
CWE-522 Jan 20, 2026
CVE-2026-23742 8.8 HIGH EPSS 0.00
Skipper <0.23.0 - Info Disclosure
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The configuration inline allows these users to create a script that is able to read the filesystem accessible to the skipper process, and if the user has access to read the logs, they can read skipper secrets. This vulnerability is fixed in 0.23.0.
CWE-250 Jan 16, 2026
CVE-2021-47759 6.2 MEDIUM 1 PoC Analysis EPSS 0.00
MTPutty 1.0.1.21 - Info Disclosure
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials.
CWE-522 Jan 15, 2026
CVE-2026-22911 5.3 MEDIUM EPSS 0.00
Sick Tdc-x401gl Firmware - Insufficiently Protected Credentials
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
CWE-522 Jan 15, 2026
CVE-2026-22240 7.5 HIGH EPSS 0.00
Blusparkglobal Bluvoyix - Information Disclosure
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password.
CWE-522 Jan 14, 2026
CVE-2025-69271 7.5 HIGH EPSS 0.00
Broadcom DX Netops Spectrum - Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
CWE-522 Jan 12, 2026
CVE-2026-22043 9.8 CRITICAL EPSS 0.00
Rustfs < 1.0.0-alpha.79 - Improper Access Control
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Version 1.0.0-alpha.79 fixes the issue.
CWE-284 Jan 08, 2026