CVEs classified under CWE-260, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2023-53739: Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download…
CVE-2025-57754 — CVSS 9.8 (critical): eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A…
CVE-2025-25022 — CVSS 9.6 (critical): IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an…
CVE-2025-6513 — CVSS 9.3 (critical): Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
CVE-2025-32111 — CVSS 8.7 (high): The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for…
CVE-2019-25465 — CVSS 7.5 (high): Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive…
CVE-2023-53770 — CVSS 7.5 (high): MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system…
CVE-2014-5400 — CVSS 6.8 (medium): The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to…
CVE-2025-33119 — CVSS 6.5 (medium): IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an…
CVE-2016-7043 — CVSS 5.9 (medium): It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java…
CVE-2025-36002 — CVSS 5.5 (medium): IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores…
CVE-2024-45673 — CVSS 5.5 (medium): IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM…
CVE-2025-51540 — CVSS 5.3 (medium): EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and…
CVE-2025-36100 — CVSS 5.1 (medium): IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0…
CVE-2023-2790 — CVSS 2.3 (low): A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the…