Lucene search
+L

1924 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 5:11 p.m.14 views

CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 5:11 p.m.43 views

CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS0.00415EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 5:11 p.m.39 views

CVE-2026-7786

The CVE-2026-7786 affects Jinan USR IOT’s USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter. The firmware image contains plaintext administrative credentials that can be extracted via firmware analysis and used to authenticate to device services, enabling administrator access. Reported CVSS v3.1 sco...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 4:25 p.m.14 views

CVE-2026-5386 KMW CCTV Security Cameras Unverified Password Change

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...

9.1CVSS5.8AI score0.00624EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 4:16 p.m.15 views

CVE-2018-25385

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.15 views

EUVD-2018-21918

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.33 views

CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

8.7CVSS0.00313EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 2:46 p.m.11 views

EUVD-2018-21907

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.34 views

CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...

8.8CVSS0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.12 views

CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.17 views

CVE-2018-25385

CVE-2018-25385 affects E-Registrasi Pencak Silat 18.10. The flaw is an SQL injection in the id_partai parameter of monitor_nilai.php, exploitable via unauthenticated GET requests with crafted payloads. attackers can extract sensitive data including admin credentials and user data. Root cause: imp...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44863

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id partai parameter. Attackers can send GET requests to monitor nilai.php with crafted SQL payloads in the id part...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 3:45 p.m.36 views

CVE-2026-8697

CVE-2026-8697 affects TP-Link Archer C64 v1, where the debug SSH service imposes no authentication rate-limiting. This allows an attacker with adjacent network access to brute-force administrative credentials via SSH and gain full admin control, with impact to confidentiality, integrity, and avai...

8.8CVSS5.8AI score0.0051EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 3:45 p.m.41 views

CVE-2026-8697 Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS0.0051EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:45 p.m.11 views

CVE-2026-8697

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 3:45 p.m.14 views

CVE-2026-8697 Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References14
Snyk
Snyk
added 2026/05/27 9:32 p.m.9 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/user-collection/create-first-user endpoint, which remains publicly accessible after initial setup. An attacker can obtain bcrypt password hashes of all administrator accounts and...

8.7CVSS5.8AI score0.00298EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.14 views

EUVD-2026-32277

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

9.3CVSS5.8AI score0.00662EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:16 p.m.14 views

CVE-2026-35089

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS0.00589EPSS
Exploits0References1
Rows per page
Query Builder