Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2025-54422 5.5 MEDIUM 1 Writeup EPSS 0.00

Sandboxie < 1.16.2 - Insufficiently Protected Credentials

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2.

CWE-522 Jul 29, 2025

CVE-2025-54428 9.8 CRITICAL 1 Writeup EPSS 0.00

RevelaCode <1.0.1 - Info Disclosure

RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally committed to the public repository. This could allow unauthorized access to production or staging databases, potentially leading to data exfiltration, modification, or deletion. This is fixed in version 1.0.1. Workarounds include: immediately rotating credentials for the exposed database user, using a secret manager (like Vault, Doppler, AWS Secrets Manager, etc.) instead of storing secrets directly in code, or auditing recent access logs for suspicious activity.

CWE-522 Jul 28, 2025

CVE-2025-54380 6.5 MEDIUM 1 Writeup EPSS 0.00

Apereo Opencast < 17.6 - Information Disclosure

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous CVE prevented many cases where the credentials were inappropriately sent, but not all. Anyone with ingest permissions could cause Opencast to send its hashed global system account credentials to a url of their choosing. This issue is fixed in Opencast 17.6.

CWE-522 Jul 26, 2025

CVE-2025-34139 EPSS 0.00

Sitecore - Info Disclosure

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.

CWE-552 Jul 25, 2025

CVE-2025-6227 2.2 LOW EPSS 0.00

Mattermost <10.5.7, <9.11.16 - Info Disclosure

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.

CWE-522 Jul 18, 2025

CVE-2025-7565 5.3 MEDIUM 1 Writeup EPSS 0.00

LB-LINK BL-AC3600 <1.0.22 - Info Disclosure

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-284 Jul 14, 2025

CVE-2025-53743 5.3 MEDIUM EPSS 0.00

Jenkins Applitools Eyes Plugin <1.16.5 - Info Disclosure

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-522 Jul 09, 2025

CVE-2025-53671 6.5 MEDIUM EPSS 0.00

Jenkins Nouvola DiveCloud Plugin <1.08 - Info Disclosure

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-522 Jul 09, 2025

CVE-2025-53669 4.3 MEDIUM EPSS 0.00

Jenkins VAddy Plugin <1.2.8 - Info Disclosure

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-522 Jul 09, 2025

CVE-2025-53667 5.3 MEDIUM EPSS 0.00

Jenkins Dead Man's Snitch Plugin 0.1 - Info Disclosure

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-522 Jul 09, 2025

CVE-2025-53661 4.3 MEDIUM EPSS 0.00

Jenkins Testsigma Test Plan run Plugin <1.6 - Info Disclosure

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-522 Jul 09, 2025

CVE-2025-53660 4.3 MEDIUM EPSS 0.00

Jenkins QMetry Test Management Plugin <1.13 - Info Disclosure

Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-522 Jul 09, 2025

CVE-2025-53657 4.3 MEDIUM EPSS 0.00

Jenkins ReadyAPI Functional Testing Plugin <1.11 - Info Disclosure

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-522 Jul 09, 2025

CVE-2025-53654 6.5 MEDIUM EPSS 0.00

Jenkins Statistics Gatherer Plugin <2.0.3 - Info Disclosure

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

CWE-522 Jul 09, 2025

CVE-2025-53650 7.3 HIGH EPSS 0.00

Jenkins Credentials Binding Plugin <687.v619cb_15e923f - Info Discl...

Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

CWE-522 Jul 09, 2025

CVE-2025-24508 6.4 MEDIUM EPSS 0.00

IT Management Agent - Info Disclosure

Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage

CWE-522 Jul 07, 2025

CVE-2025-34078 7.8 HIGH 3 PoCs Analysis EPSS 0.02

NSClient++ <0.5.2.35 - Privilege Escalation

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.

CWE-522 Jul 02, 2025

CVE-2025-34062 EPSS 0.00

OneLogin AD Connector <6.1.5 - Info Disclosure

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration.

CWE-522 Jul 01, 2025

CVE-2025-6081 6.8 MEDIUM EPSS 0.00

Konica Minolta bizhub 227 <GCQ-Y3 - Info Disclosure

Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker controlled LDAP service. This will allow the attacker to capture the plaintext password of the configured LDAP service.

CWE-522 Jul 01, 2025

CVE-2024-49364 EPSS 0.00

NPM Tiny-secp256k1 < 1.1.7 - Insufficiently Protected Credentials

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuffer check can be bypassed, resulting in k reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one). This issue has been patched in version 1.1.7.

CWE-522 Jul 01, 2025

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps