CVE & Exploit Intelligence Database

CVE-2025-12636 6.5 MEDIUM 1 Writeup EPSS 0.00

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings.

CWE-522 Nov 06, 2025

CVE-2025-54863 10.0 CRITICAL 1 Writeup EPSS 0.00

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.

CWE-522 Nov 04, 2025

CVE-2025-34270 4.9 MEDIUM EPSS 0.00

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results.

CWE-522 Oct 30, 2025

CVE-2025-12461 EPSS 0.00

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which modules are installed.

CWE-522 Oct 29, 2025

CVE-2025-62794 3.8 LOW 1 Writeup EPSS 0.00

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" api. An attacker with read only access to your home directory could have read this token and used it to perform actions with that token. Update to 0.0.7.

CWE-522 Oct 28, 2025

CVE-2025-61482 7.2 HIGH 1 Writeup EPSS 0.00

Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets, enabling generation of valid one-time passwords, and bypassing authentication for enrolled accounts.

CWE-522 Oct 27, 2025

CVE-2025-54808 7.8 HIGH 1 Writeup EPSS 0.00

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on the host machine. This directory is typically world-readable, allowing any local user or application to access the token. If the token is leaked (e.g., via malware infection or other local exploit), and remote access is enabled, it can be used to establish unauthorized remote connections to the sequencer. Remote access must be enabled for remote exploitation to succeed. This may occur either because the user has enabled remote access for legitimate operational reasons or because malware with elevated privileges (e.g., sudo access) enables it without user consent. This vulnerability can be chained with remote access capabilities to generate a developer token from a remote device. Developer tokens can be created with arbitrary expiration dates, enabling persistent access to the sequencer and bypassing standard authentication mechanisms.

CWE-522 Oct 23, 2025

CVE-2024-42192 5.5 MEDIUM EPSS 0.00

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications.

CWE-522 Oct 16, 2025

CVE-2025-62157 6.5 MEDIUM 1 Writeup EPSS 0.00

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissions to read pod logs in a namespace running Argo Workflows can read the workflow-controller logs and obtain credentials to the artifact repository. Update to versions 3.6.12 or 3.7.3 to remediate the vulnerability. No known workarounds exist.

CWE-522 Oct 14, 2025

CVE-2025-35054 5.3 MEDIUM EPSS 0.00

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

CWE-522 Oct 09, 2025

CVE-2025-61776 4.7 MEDIUM EPSS 0.00

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to `api.nuget.org` via the HTTP `Authorization` header, and may disclose names and versions of components marked as internal to `api.nuget.org`. This can happen if the Dependency-Track instance contains .NET components, a custom NuGet repository has been configured, the custom repository has been configured with authentication credentials, and the repository server does not provide `PackageBaseAddress` resource in its service index. The issue has been fixed in Dependency-Track 4.13.5. Some workarounds are avaialble. Disable custom NuGet repositories until the patch has been applied, invalidate the previously used credentials, and generate new credentials for usage after the patch has been applied.

CWE-522 Oct 07, 2025

CVE-2025-37728 5.4 MEDIUM EPSS 0.00

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.

CWE-522 Oct 07, 2025

CVE-2025-27231 4.9 MEDIUM EPSS 0.00

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.

CWE-522 Oct 03, 2025

CVE-2025-34207 9.8 CRITICAL EPSS 0.00

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`, and `ForwardAgent yes`. These settings disable verification of the remote host’s SSH key and automatically forward the developer’s SSH‑agent to any host that matches the configured wildcard patterns. As a result, an attacker who can reach a single compromised container can cause the container to connect to a malicious SSH server, capture the forwarded private keys, and use those keys for unrestricted lateral movement across the environment. This vulnerability has been identified by the vendor as: V-2024-027 — Insecure Secure Shell (SSH) Configuration.

CWE-522 Sep 29, 2025

CVE-2025-34196 9.8 CRITICAL EPSS 0.00

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product configuration files. The Windows client ships the CA certificate and its associated private key (and other sensitive settings such as a configured password) directly in shipped configuration files (for example clientsettings.dat and defaults.ini). An attacker who obtains these files can impersonate the CA, sign arbitrary certificates trusted by the Windows client, intercept or decrypt TLS-protected communications, and otherwise perform man-in-the-middle or impersonation attacks against the product's network communications. This vulnerability has been identified by the vendor as: V-2022-001 — Configuration File Contains CA & Private Key.

CWE-522 Sep 29, 2025

CVE-2025-10880 7.5 HIGH EPSS 0.00

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.

CWE-522 Sep 25, 2025

CVE-2025-10879 5.3 MEDIUM EPSS 0.00

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.

CWE-522 Sep 25, 2025

CVE-2025-40838 7.5 HIGH EPSS 0.00

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.

CWE-522 Sep 25, 2025

CVE-2025-10360 EPSS 0.00

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.

CWE-522 Sep 24, 2025

CVE-2025-54467 5.3 MEDIUM EPSS 0.00

When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log.

CWE-522 Sep 17, 2025