CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

242 matches found

Cvelist•added 2026/03/26 9:16 p.m.•18 views

CVE-2026-4346 Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

5.1CVSS0.00124EPSS

Exploits0References2

OSV•added 2026/03/19 11:10 p.m.•3 views

CVE-2026-29108 Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, an authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and MFA configuration. As...

6.5CVSS5.9AI score0.00306EPSS

Exploits0References3

OSV•added 2026/02/23 5:23 p.m.•3 views

CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

6.5CVSS5.8AI score

Exploits0References2

Vulnrichment•added 2026/01/13 10:52 p.m.•2 views

CVE-2023-54337 Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)

Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality...

9.1CVSS6.5AI score0.00494EPSS

Exploits1References3

Vulnrichment•added 2025/12/24 7:28 p.m.•2 views

CVE-2019-25252 Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change

Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in...

5.1CVSS6.6AI score0.00159EPSS

Exploits2References3