49 matches found
PYSEC-2026-925 sosreport Exposure of Sensitive Information vulnerability
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el86, ovirt-log-collector-4.4.7-2.el8ev...
CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...
CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
CVE-2026-30701
The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...
EUVD-2026-14402
An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential ca...
CVE-2026-30701
The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...
EUVD-2025-208690
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
PT-2026-21532
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The router firmware contains a flaw where the configuration download feature reveals the router password and administrative password in plaintext. The response...
CVE-2024-58277
CVE-2024-58277 affects the R Radio Network FM Transmitter v1.07, where an unauthenticated actor can access the admin password via the system.cgi endpoint, enabling authentication bypass and FM station setup access. Public sources (Zero Science Lab) describe an improper access control allowing dis...
PT-2025-47014
Name of the Vulnerable Software and Affected Versions Ubee EVW3226 versions up to and including 1.0.20 Description The Ubee EVW3226 cable modem/router firmware stores configuration backup files in the web root after they are generated for download. These files remain accessible without...
EUVD-2019-3286
Malware in sbrugna...
EUVD-2019-16283
Malware in sbrugna...
EUVD-2015-4083
Malware in sbrugna...
EUVD-2019-10510
Malware in sbrugna...
EUVD-2019-16855
Malware in sbrugna...
CVE-2025-29515
Incorrect access control in the DELTfile.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password...
Landray OA EKP 安全漏洞
Landray OA EKP Landray EKP is an office collaboration software from China Landray company. A security vulnerability exists in Landray OA EKP v16, which originates from an arbitrary download vulnerability in the /ui/sysuiextend/sysUiExtend.do component, which may result in obtaining the backend...
CVE-2025-34078 NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...
CVE-2025-34038
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIdssql, type method, reachable through the cmd=getSelectAllId workflow in the...