Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.
CVE-2025-26846
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CVE-2025-32486
CRITICAL CVSS 9.8
Find Similar
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through <= 1.4.6.
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9.
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vul
Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.
Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.
An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware version
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
Page 1+ Next →