Lucene search
K

1137 matches found

CVE
CVE
added 2025/11/17 10:55 p.m.15 views

CVE-2025-31649

CVE-2025-31649: Dell ControlVault WBDI Driver hard-coded password vulnerability in ControlVault3 prior to 5.15.14.19 and ControlVault3 Plus prior to 6.2.36.47. A specially crafted API call can lead to execution of privileged operations. TALOS confirms vulnerable versions (e.g., 5.14.3.0) and the ...

8.7CVSS6.8AI score0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.5 views

Dell ControlVault3和Dell ControlVault3 Plus 安全漏洞

Dell ControlVault3 and Dell ControlVault3 Plus are both hardware-based security solutions from Dell USA. A security vulnerability exists in Dell ControlVault3 versions prior to 5.15.14.19 and Dell ControlVault3 Plus versions prior to 6.2.36.47, which stems from a hard-coded password vulnerability...

8.7CVSS6.6AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.4 views

PT-2025-47226

Name of the Vulnerable Software and Affected Versions Dell ControlVault3 versions prior to 5.15.14.19 Dell ControlVault3 Plus versions prior to 6.2.36.47 Description A hard-coded password exists within the ControlVault WBDI Driver functionality. An attacker can exploit this by issuing a specially...

8.7CVSS6.8AI score0.00231EPSS
Exploits0References8
Talos
Talos
added 2025/11/17 12:0 a.m.8 views

Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

Talos Vulnerability Report TALOS-2025-2173 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability November 17, 2025 CVE Number CVE-2025-31649 SUMMARY A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 5.14.3.0. A...

8.7CVSS6.8AI score0.00231EPSS
Exploits0
CVE
CVE
added 2025/11/05 7:27 a.m.17 views

CVE-2025-12676

CVE-2025-12676 concerns KiotViet Sync for WordPress (versions up to 1.8.5). According to multiple sources, the root cause is a hard-coded password used for authentication inside QueryControllerAdmin::authenticated, enabling unauthenticated attackers to create and sync products. Public details con...

5.3CVSS6AI score0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 7:27 a.m.5 views

CVE-2025-12676 KiotViet Sync <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass

The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attacke...

5.3CVSS6AI score0.00298EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.4 views

WordPress plugin KiotViet Sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

5.3CVSS6.6AI score0.00298EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/17 12:43 a.m.16 views

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

6.5CVSS7.2AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 6:30 p.m.5 views

EUVD-2025-34787

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

6.5CVSS6.7AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2025/10/16 6:15 p.m.5 views

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

6.5CVSS0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/16 12:0 a.m.4 views

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

6.9AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.4 views

H3C Magic M安全漏洞

H3C Magic M is a series of wireless routers from China's Xinhua San H3C. A security vulnerability exists in H3C Magic M. The vulnerability stems from the use of hard-coded weak passwords or unset passwords in the firmware, which could allow an attacker to gain maximum root privileges via Telnet...

6.5CVSS7.1AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2025/10/16 12:0 a.m.10 views

CVE-2025-61330

CVE-2025-61330 affects H3C Magic-branded devices. The root cause is a hard-coded weak password (or no password) for the root account in /etc/shadow, with Telnet enabled by default or user-enabled, and Virtual Servers exposing devices to the public network. This enables remote attacker access to r...

6.5CVSS6.9AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 12:0 a.m.11 views

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/14 7:42 a.m.3 views

CVE-2025-11666

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

8.4CVSS6.5AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/13 11:23 p.m.9 views

CVE-2025-11649

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated from a local position. The attack is considered to have hig...

7.3CVSS5.8AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/13 9:30 a.m.3 views

EUVD-2025-34055

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

8.4CVSS6.3AI score0.00142EPSS
Exploits0References6
NVD
NVD
added 2025/10/13 7:15 a.m.3 views

CVE-2025-11666

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

8.4CVSS0.00142EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/13 7:2 a.m.2 views

CVE-2025-11666 Tenda RP3 Pro Firmware Update force_upgrade.sh hard-coded password

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file forceupgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument currentforceupgradepwd can lead to use of hard-coded password. The attack can only be executed...

8.4CVSS6.3AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2025/10/13 7:2 a.m.10 views

CVE-2025-11666

CVE-2025-11666 affects Tenda RP3 Pro firmware up to version 22.5.7.93. The vulnerability resides in the Firmware Update Handler’s force_upgrade.sh, where manipulating the current_force_upgrade_pwd argument can trigger use of a hard-coded password. Local attack required. Public exploit exists. Rem...

8.4CVSS6.3AI score0.00142EPSS
Exploits0References5
Rows per page
Query Builder