CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

158 matches found

NVD•added 2026/06/05 6:16 p.m.•9 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS0.00533EPSS

Exploits0References3

NVD•added 2026/06/05 6:16 p.m.•10 views

CVE-2025-71317

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS0.00432EPSS

Exploits0References3

Cvelist•added 2026/06/05 5:49 p.m.•25 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

9.8CVSS0.00533EPSS

Exploits0References3

EUVD•added 2026/06/05 5:49 p.m.•8 views

EUVD-2025-210079

9.8CVSS5.5AI score0.00533EPSS

Exploits0References3

CVE•added 2026/06/05 5:49 p.m.•14 views

CVE-2025-71318

CVE-2025-71318 concerns NetMan 204, where authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly access pages (e.g., administration.html, administration-commands.html, configuration.html) to disclose sensitive details such as ...

9.8CVSS5.5AI score0.00533EPSS

Exploits0References3

EUVD•added 2026/06/05 5:49 p.m.•7 views

EUVD-2025-210078

9.8CVSS5.4AI score0.00432EPSS

Exploits0References3

Vulnrichment•added 2026/06/05 5:49 p.m.•7 views

CVE-2025-71317 NetMan 204 Hard-coded Backdoor Credentials

9.8CVSS5.4AI score0.00432EPSS

Exploits0References3

Positive Technologies•added 2026/06/04 12:0 a.m.•7 views

PT-2026-49127

This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.3AI score

Exploits0References4

Github Security Blog•added 2026/02/02 8:33 p.m.•10 views

ml-dsa's UseHint function has off by two error when r0 equals zero

Summary There's a bug in the usehint function where it adds 1 instead of subtracting 1 when the decomposed low bits r0 equal exactly zero. FIPS 204 Algorithm 40 is pretty clear that r0 0 means strictly positive, but the current code treats zero as positive. This causes valid signatures to...

5.5AI score

Exploits0References3Affected Software1

OSV•added 2026/02/02 8:33 p.m.•2 views

GHSA-H37V-HP6W-2PP8 ml-dsa's UseHint function has off by two error when r0 equals zero

6.9CVSS5.6AI score

Exploits0References3

Positive Technologies•added 2026/01/28 12:0 a.m.•9 views

PT-2026-5048

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

5.3CVSS5.9AI score0.00299EPSS

Exploits0References12

RedhatCVE•added 2026/01/07 9:16 a.m.•9 views

CVE-2025-1101

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...

5.3CVSS7AI score0.0068EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2006-5592

Malware in sbrugna...

5CVSS6.4AI score0.01865EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-2855

Malware in sbrugna...

4.3CVSS9.3AI score0.01147EPSS

Exploits0References12