CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3006 matches found

NVD•added 2026/05/07 5:15 p.m.•8 views

CVE-2026-7414

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...

9.8CVSS0.00019EPSS

Exploits1References3

CVE•added 2026/05/07 4:10 p.m.•7 views

CVE-2026-7414

Yarbo firmware v2.3.9 is affected by CVE-2026-7414 due to hardcoded administrative credentials embedded in the firmware image. The credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device manag...

9.8CVSS5.8AI score0.00019EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/05/07 4:10 p.m.•28 views

CVE-2026-7414 Hardcoded credentials in Yarbo robot firmware

9.8CVSS0.00019EPSS

Exploits1References2

Vulnrichment•added 2026/05/07 4:10 p.m.•5 views

CVE-2026-7414 Hardcoded credentials in Yarbo robot firmware

9.8CVSS5.8AI score0.00019EPSS

Exploits1References2

ATTACKERKB•added 2026/05/07 4:10 p.m.•5 views

CVE-2026-7414

9.8CVSS5.8AI score0.00019EPSS

Exploits1References3

Positive Technologies•added 2026/05/07 12:0 a.m.•7 views

PT-2026-38459

Name of the Vulnerable Software and Affected Versions Yarbo firmware version 2.3.9 Description The firmware contains hardcoded administrative credentials embedded in the image. These credentials are identical across all devices and cannot be modified or removed by end users, allowing unauthorized...

9.8CVSS5.8AI score0.00019EPSS

Exploits1References8

CNNVD•added 2026/05/06 12:0 a.m.•7 views

PicoTronica e-Clinic Healthcare System ECHS 安全漏洞

PicoTronica e-Clinic Healthcare System ECHS is a medical clinic management system developed by the British company PicoTronica. Version 5.7 of the PicoTronica e-Clinic Healthcare System ECHS contains a security vulnerability. This vulnerability stems from an issue with the parameter ADMINKEY in t...

7.5CVSS7.1AI score0.00054EPSS

Exploits0References2

ATTACKERKB•added 2026/05/04 5:39 p.m.•2 views

CVE-2026-32834

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

8.7CVSS5.9AI score0.00167EPSS

Exploits0References4

NVD•added 2026/05/04 5:16 p.m.•6 views

CVE-2026-42375

D-Link DIR-600L Hardware Revision A1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir600l" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...

9.8CVSS0.00269EPSS

Exploits1References1

NVD•added 2026/05/04 5:16 p.m.•6 views

CVE-2026-42372

D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

8.8CVSS0.00092EPSS

Exploits1References1

NVD•added 2026/05/04 5:16 p.m.•6 views

CVE-2026-42373

D-Link DIR-605L Hardware Revision B2 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76dlwbrdir605L" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

9.8CVSS0.00269EPSS

Exploits1References1

Vulnrichment•added 2026/05/04 4:3 p.m.•3 views

CVE-2026-42376 D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials

D-Link DIR-456U Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01dlobdir456U" read from /etc/config/imagesign. The custom telnetd...

9.8CVSS5.8AI score0.00199EPSS

Exploits1References1

Cvelist•added 2026/05/04 4:3 p.m.•28 views

CVE-2026-42376 D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials

9.8CVSS0.00199EPSS

Exploits1References1

Cvelist•added 2026/05/04 4:2 p.m.•30 views

CVE-2026-42375 D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials

9.8CVSS0.00269EPSS

Exploits1References1

CVE•added 2026/05/04 4:2 p.m.•18 views

CVE-2026-42375

D-Link DIR-600L A1 (End-of-Life) is affected by CVE-2026-42375 due to a hardcoded telnet backdoor. The device runs a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u u...

9.8CVSS5.8AI score0.00269EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/05/04 4:0 p.m.•33 views

CVE-2026-42374 D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials

D-Link DIR-600L Hardware Revision B1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61dlwbrdir600L" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...

9.8CVSS0.00269EPSS

Exploits1References1

Vulnrichment•added 2026/05/04 4:0 p.m.•5 views

CVE-2026-42374 D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials

9.8CVSS5.8AI score0.00269EPSS

Exploits1References1

Cvelist•added 2026/05/04 3:57 p.m.•31 views

CVE-2026-42373 D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials

9.8CVSS0.00269EPSS

Exploits1References1

Vulnrichment•added 2026/05/04 3:57 p.m.•4 views

CVE-2026-42373 D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials