1082 matches found

NVD
added 17 hours ago | 4 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVSS 7.5
Exploits: 0 | References: 1

ATTACKERKB
added 18 hours ago | 4 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2

Cvelist
added 18 hours ago | 6 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVSS 7.5
Exploits: 0 | References: 1

CVE
added 18 hours ago | 8 views

CVE-2026-41858

The CVE fixes a weakness in Get-RandomPassword within BOSH-Ecosystem’s windows-utilities-release. The password for the Administrator account is derived from a clock-seeded PRNG, allowing a network attacker who can estimate VM boot time to reconstruct a small candidate list and recover the Adminis...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

EUVD
added 18 hours ago | 3 views

EUVD-2026-34195

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 20 hours ago | 6 views

PT-2026-46132

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomize password job exists solely ...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2

Cloud Foundry
added 3 days ago | 2 views

CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry

CVSS score: 6.5 Medium (CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Vendor: CloudFoundry Foundation. Versions Affected (severity is HIGH unless otherwise noted): windows-utilities-release – All versions prior to v0.23.0. Description: Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...

CVSS 7.5 | AI score 5.8
Exploits: 0

ATTACKERKB
added 2026/05/28 6:22 p.m. | 4 views

CVE-2026-45332

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/28 6:22 p.m. | 7 views

CVE-2026-45332 Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 1 | References: 1

CNNVD
added 2026/05/28 12:00 a.m. | 7 views

Automad access control error vulnerability

Automad is a flat-file content management system and template engine developed by Marc Anton Dahmen. Versions of Automad from 2.0.0-alpha.1 to 2.0.0-beta.27 contain access control vulnerabilities. These vulnerabilities stem from ineffective access control mechanisms, allowing unauthorized attacke...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 1 | References: 2

RedhatCVE
added 2026/05/26 8:13 p.m. | 8 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

CVSS 8.8 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 1

NVD
added 2026/05/22 9:16 p.m. | 10 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

CVSS 8.8 | EPSS 0.00049
Exploits: 0 | References: 11

ATTACKERKB
added 2026/05/22 8:48 p.m. | 5 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

CVSS 8.7 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 12

RedhatCVE
added 2026/05/08 8:21 p.m. | 6 views

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00074
Exploits: 0 | References: 1

EUVD
added 2026/05/06 9:31 p.m. | 3 views

EUVD-2026-27883

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

AI score 5.8 | EPSS 0.01485
Exploits: 3 | References: 3

EUVD
added 2026/05/06 6:37 p.m. | 6 views

EUVD-2026-27885

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00074
Exploits: 0 | References: 4

AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in freeipa

A flaw was identified in the FreeIPA API audit; it sends the entire FreeIPA command line to journalctl. As a result, during the FreeIPA installation process, administrative user credentials—including the administrator’s password—are inadvertently leaked into the journal database. In the worst-cas...

CVSS 5.5 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/27 12:00 a.m. | 2 views

PT-2026-35345

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 6 | AI score 5.4 | EPSS 0.0005
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/31 4:59 a.m. | 1 view

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

CVSS 7.1 | AI score 5.9 | EPSS 0.00829
Exploits: 3 | References: 1

NVD
added 2026/03/23 12:16 p.m. | 2 views

CVE-2026-31846

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

CVSS 7.1 | EPSS 0.00056
Exploits: 0 | References: 2