Search Vulnerabilities

AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

CVE-2026-53632

NTLMv2 hash disclosure via UNC path handling on Windows

CVE-2026-53840

OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects

Jun 16, 2026

CVE-2026-6517

Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Jun 15, 2026

CVE-2026-49949

CodexBar < 0.33.0 Credential Leakage via HTTP Redirect

Jun 11, 2026

CVE-2026-41715

Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect

Jun 9, 2026

CVE-2026-39908

OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

CVE-2026-46440

CRITICAL

Flowise: Basic Auth Credentials Exposed via API

CVE-2026-46511

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Jun 5, 2026

CVE-2026-4387

Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

CVE-2026-49379

In JetBrains TeamCity before 2026

CVE-2026-42951

MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9

CVE-2026-2255

Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

CVE-2026-9395

Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials

May 24, 2026

CVE-2026-39968

TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint

May 22, 2026

CVE-2025-13477

OTP Bypass in Digital Operation Services' WifiBurada

CVE-2026-0393

CODESYS Visualization - Insufficiently Protected Credentials

CVE-2026-6345

Prevent password disclosure and force reset during Slack import

May 18, 2026

CVE-2025-62312

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication

May 14, 2026

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-54276

AIOHTTP: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

CVE-2026-53632

NTLMv2 hash disclosure via UNC path handling on Windows

CVE-2026-53840

OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects

Jun 16, 2026

CVE-2026-6517

Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Jun 15, 2026

CVE-2026-49949

CodexBar < 0.33.0 Credential Leakage via HTTP Redirect

Jun 11, 2026

CVE-2026-41715

Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect

Jun 9, 2026

CVE-2026-39908

OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

CVE-2026-46440

CRITICAL

Flowise: Basic Auth Credentials Exposed via API

CVE-2026-46511

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Jun 5, 2026

CVE-2026-4387

Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

CVE-2026-49379

In JetBrains TeamCity before 2026

CVE-2026-42951

MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9

CVE-2026-2255

Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

CVE-2026-9395

Besen BS20 EV Charging Station BLE/UDP insufficiently protected credentials

May 24, 2026

CVE-2026-39968

TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint

May 22, 2026

CVE-2025-13477

OTP Bypass in Digital Operation Services' WifiBurada

CVE-2026-0393

CODESYS Visualization - Insufficiently Protected Credentials

CVE-2026-6345

Prevent password disclosure and force reset during Slack import

May 18, 2026

CVE-2025-62312