Total
782 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15128 | 1 Zkteco | 1 Biotime | 2026-06-11 | 5.3 Medium |
| A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 9.0.6 is able to mitigate this issue. It is recommended to upgrade the affected component. The vendor confirms: "The mainstream version ZKBioTime V9.0.6 has fixed this vulnerability. Please update to the latest version as soon as possible. For the Middle East version BioTime 9.5.X, you can contact the local technical support to obtain the fix package." | ||||
| CVE-2026-11552 | 1 Sourcecodester | 3 Onlne Examination & Learning Management System, Onlne Examination Learning Management System, Syllabus-aligned Learning Management And Examination System | 2026-06-09 | 5.3 Medium |
| A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | ||||
| CVE-2026-11515 | 1 Sourcecodester | 1 Barangay Resident Profiling And Information Management System | 2026-06-08 | 5.3 Medium |
| A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the component Password Reset Handler. Such manipulation of the argument new_password with the input password123 leads to use of hard-coded password. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2012-0814 | 1 Openbsd | 1 Openssh | 2026-05-22 | 6.5 Medium |
| The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. | ||||
| CVE-2013-1815 | 1 Redhat | 4 Openstack, Openstack Essex, Openstack Folsom and 1 more | 2026-04-30 | 6.1 Medium |
| A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications. | ||||
| CVE-2007-6329 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container. | ||||
| CVE-2007-6096 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2026-04-23 | N/A |
| Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. | ||||
| CVE-2007-6340 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2026-04-23 | N/A |
| Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. | ||||
| CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2026-04-23 | N/A |
| backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | ||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2026-04-23 | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | ||||
| CVE-2007-5579 | 1 Pligg | 1 Pligg Cms | 2026-04-23 | N/A |
| login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter. | ||||
| CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | ||||
| CVE-2007-6260 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed. | ||||
| CVE-2007-6267 | 1 Citrix | 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server | 2026-04-23 | N/A |
| Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. | ||||
| CVE-2007-4994 | 1 Redhat | 2 Certificate Server, Certificate System | 2026-04-23 | N/A |
| Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL. | ||||
| CVE-2007-3978 | 1 Bwired | 1 Bwired | 2026-04-23 | N/A |
| Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2007-3061 | 1 Cactusoft | 1 Cactushop | 2026-04-23 | N/A |
| Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb. | ||||
| CVE-2007-4261 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2026-04-23 | N/A |
| EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter. | ||||
| CVE-2007-4594 | 1 Entrust | 1 Entelligence Security Provider | 2026-04-23 | N/A |
| Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6239 | 1 Mailenable | 2 Netwebadmin Enterprise, Netwebadmin Professional | 2026-04-23 | N/A |
| webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | ||||