314 matches found
CVE-2020-8142
A security restriction bypass vulnerability has been discovered in Revive Adserver version 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was howev...
CVE-2017-18373
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a...
CVE-2019-20033
On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface...
The vulnerability of the HTTP server in the Mini_http integrated software for Netgear DGND3700 routers allows a hacker to bypass existing security restrictions and gain unauthorized access to the device’s web interface.
The vulnerability of the HTTP server in the Minihttp embedded software of Netgear DGND3700 routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain unauthorized access to the device’s...
CVE-2025-0123
A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/...
CVE-2025-0123
Summary: CVE-2025-0123 affects Palo Alto Networks PAN-OS. Unlicensed administrators can view clear-text data captured via the packet-capture feature in decrypted HTTP/2 data streams on the firewall; HTTP/1.1 streams are not impacted. Exploitation requires access to the management interface and su...
PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit
Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1 Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...
CVE-2025-2995
The CVE-2025-2995 issue affects Tenda FH1202, specifically the Web Management Interface’s /goform/SysToolChangePwd endpoint. PT-2025-13697 documents a critical problem in version 1.2.0.14(408) caused by improper access controls in that file, enabling a remote attacker to initiate exploitation. Pu...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 10.10.0 through 11.5.0, which stems from a lack of user state checking and could lead to improper API access...
PT-2025-13698 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical issue affects the Web Management Interface component, specifically the unknown processing of the file /goform/SysToolDDNS. This leads to improper access controls, allowing for remote...
CVE-2025-27615
CVE-2025-27615 affects umatiGateway. The Red Hat entry describes that the user interface may be publicly accessible when using the provided docker-compose file, allowing configuration to be viewed and altered. The root cause appears to be UI exposure beyond localhost, with a patch in commit 5d81a...
CVE-2025-27615 umatiGateway's UI publicly accessible in provided docker-compose file
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...
Vulnerabilities fixed in Palo Alto Networks PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an authentication bypass that allows unauthenticated malicious actors to invoke specific PHP scripts through the management Web interface, an unauthenticated file deletion that allows malicious actors to delete...
CVE-2024-8893
Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1...
CVE-2024-36787
An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors...
IXON IXrouter IX2400 安全漏洞
The IXON IXrouter IX2400 is an industrial router from the Dutch company IXON. A security vulnerability exists in the IXON IXrouter IX2400 version v3.0, which stems from the inclusion of hard-coded root credentials that allow a physically proximate attacker to gain root access via UART or SSH...
CVE-2024-37601
An issue was discovered in Mercedes Benz NTG New Telematics Generation 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause t...
CVE-2023-34406
An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG New Telematics Generation 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the...
Wattsense Bridge 6.x Remote Root / Information Disclosure
Wattsense Bridge suffers a multitude of security issues. The JTAG interface can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. A serial interface can be accessed with physical access to the PCB. After connecting to the...
CVE-2025-26408 Unprotected JTAG Interface
The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...