Search Results (1408 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21660 1 Johnsoncontrols 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware 2026-04-17 9.8 Critical
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVE-2026-20791 1 Chargemap 1 Chargemap.com 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-27167 2 Gradio-app, Gradio Project 2 Gradio, Gradio 2026-04-16 0 Low
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.
CVE-2022-27774 6 Brocade, Debian, Haxx and 3 more 18 Fabric Operating System, Debian Linux, Curl and 15 more 2026-04-16 5.7 Medium
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
CVE-2026-27770 1 Epower 1 Epower.ie 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-28714 3 Acronis, Linux, Microsoft 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more 2026-04-16 N/A
Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-27027 1 Everon 1 Api.everon.io 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20733 1 Cloudcharge 1 Cloudcharge.se 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20435 6 Google, Linuxfoundation, Mediatek and 3 more 40 Android, Yocto, Mt2737 and 37 more 2026-04-16 4.6 Medium
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
CVE-2026-27777 1 Mobiliti 1 E-mobi.hu 2026-04-16 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-35185 2 Haxtheweb, Psu 2 Hax, Haxiam 2026-04-16 7.5 High
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration details. This allows any unauthenticated user to monitor real-time user interactions and gather internal infrastructure information. This vulnerability is fixed in 25.0.0.
CVE-1999-0013 1 Ssh 1 Ssh 2026-04-16 8.4 High
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
CVE-2005-3435 1 Archilles 1 Newsworld 2026-04-16 9.8 Critical
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
CVE-2000-0944 1 Cgi 1 Script Center News Update 2026-04-16 9.8 Critical
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
CVE-2026-25774 2 Ev.energy, Ev Energy 2 Ev.energy, Ev.energy 2026-04-15 6.5 Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2025-37728 1 Elastic 1 Kibana 2026-04-15 5.4 Medium
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access.
CVE-2025-3078 2026-04-15 8.7 High
A passback vulnerability which relates to production printers and office multifunction printers.
CVE-2024-47142 2026-04-15 N/A
AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations.
CVE-2025-54467 2 Neuvector, Suse 2 Neuvector, Neuvector 2026-04-15 5.3 Medium
When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log.
CVE-2023-49233 1 Visual Planning 1 Admin Center 2026-04-15 8.8 High
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.