Lucene search
K

4256 matches found

RedhatCVE
RedhatCVE
added 2026/04/29 1:44 a.m.8 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

8.8CVSS5.3AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 4:16 p.m.5 views

CVE-2026-39920

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS0.0054EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/24 3:48 p.m.30 views

CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS0.0054EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/24 3:48 p.m.4 views

CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:48 p.m.3 views

CVE-2026-39920

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/24 3:48 p.m.4 views

EUVD-2026-25569

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References5
CVE
CVE
added 2026/04/24 3:48 p.m.12 views

CVE-2026-39920

BridgeHead FileStore before version 24A exposes the Apache Axis2 administration module on network endpoints with default credentials, allowing unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate using default credentials, upload a malicious Java archive a...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References5
NVD
NVD
added 2026/04/24 12:16 a.m.3 views

CVE-2026-39462

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

9.3CVSS0.0038EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

BridgeHead FileStore 安全漏洞

BridgeHead FileStore is a medical data-oriented file storage and long-term archiving management system developed by BridgeHead Corporation in Canada. Previous versions of BridgeHead FileStore 24A contained security vulnerabilities. These vulnerabilities stemmed from the Apache Axis2 management...

9.8CVSS6.1AI score0.0054EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

SenseLive X3050 安全漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability, which stems from the unreliable application of password updates. This vulnerability may cause the system to continue...

9.3CVSS5.8AI score0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-35026

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/23 11:52 p.m.37 views

CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

9.3CVSS0.0038EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 11:52 p.m.24 views

CVE-2026-39462

CVE-2026-39462 affects SenseLive X3050, where the web management interface fails to reliably apply password changes due to backend credential handling. After factory restore with SenseLive Config 2.0, the UI may indicate a successful password update while the system continues to accept previous o...

9.3CVSS5.8AI score0.0038EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/23 6:33 p.m.11 views

EUVD-2026-25250

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS5.7AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 6:16 p.m.4 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

8.8CVSS0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 4:10 p.m.4 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS5.7AI score0.0013EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/23 4:10 p.m.2 views

CVE-2026-5039 Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS5.7AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.9 views

PT-2026-34683

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N version v13 Description The TDDPv2 debug protocol uses DES-CBC encryption with a cryptographic key derived from default web management credentials. This makes the key predictable when the device maintains its default...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/22 10:3 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...

9.8CVSS6.1AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 10:3 p.m.6 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...

9.8CVSS6.1AI score0.0044EPSS
Exploits0References2
Rows per page
Query Builder