Lucene search
+L

630 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:26 p.m.7 views

CVE-2018-12260

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...

6.7CVSS7.2AI score0.00376EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:22 p.m.8 views

CVE-2018-14994

The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu versionName=1.0, platformBuildVersionName=8.1.0 that contains an exported activity...

9.4CVSS6.7AI score0.02016EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:18 p.m.10 views

CVE-2018-10747

An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as an 'unset' parameter to the '/userfs/bin/tcapi' binary in the Diagnostics component using the 'unset ' function and cause memory corruption. Furthermore, it is possible to redirect the flow...

9CVSS7.6AI score0.02727EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:30 a.m.9 views

CVE-2021-27169

An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account...

9.8CVSS7.4AI score0.19844EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.18 views

CVE-2021-22767

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276...

9.8CVSS7.7AI score0.02708EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.12 views

CVE-2016-10314

Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to read passwords via a direct request to the x.asp page...

8.8CVSS7.1AI score0.01187EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.10 views

CVE-2019-18832

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...

8.1CVSS7AI score0.00434EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.10 views

CVE-2019-20500

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

7.8CVSS7.4AI score0.97109EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/01/09 10:0 a.m.3 views

CVE-2025-64091 Authenticated Remote Code Execution in the NTP-configuration

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device...

8.6CVSS6.8AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.13 views

CVE-2020-24577

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body...

7.5CVSS7.2AI score0.19061EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:39 a.m.12 views

CVE-2017-18718

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42...

8.8CVSS7.5AI score0.00788EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/09 12:0 a.m.26 views

CVE-2025-67070

A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication MFA mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to th...

0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 11:9 p.m.17 views

CVE-2019-25259

CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...

5.3CVSS6.4AI score0.00146EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.12 views

CVE-2019-12223

An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process...

7.8CVSS7.5AI score0.02369EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2026/01/06 4:3 p.m.2 views

Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious guest driver to crash the QEMU process on the host bsc1209554. CVE-2024-6505: heap-based buffer overflow in...

7.9CVSS7.4AI score0.0065EPSS
Exploits0References16
OSV
OSV
added 2025/12/30 11:15 p.m.4 views

CVE-2022-50804

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery CSRF attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their knowledge or consent...

8.8CVSS5.7AI score0.00219EPSS
Exploits1References6
CVE
CVE
added 2025/12/24 7:27 p.m.14 views

CVE-2018-25155

Summary: CVE-2018-25155 affects Teradek Slice 7.3.15 with a cross-site request forgery vulnerability that lets an attacker change the administrator password without proper request validation. An attacker can lure a logged-in user to view a malicious page that auto-submits password-change requests...

5.1CVSS6.6AI score0.00176EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2025/12/13 8:16 a.m.33 views

CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.4CVSS0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/13 8:16 a.m.4 views

CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.4CVSS6.5AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 7:15 p.m.27 views

CVE-2025-56098

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

8.8CVSS0.02331EPSS
Exploits1References3
Rows per page
Query Builder