CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...
CVE-2025-67305
In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...
CVE-2025-67305
In RUCKUS Network Director (RND) versions prior to 4.5.0.56, the OVA appliance ships hardcoded SSH keys for the postgres user that are identical across deployments. An attacker with network access can SSH in without a password, gain superuser access to the PostgreSQL database, and create administ...
PT-2025-49541
Name of the Vulnerable Software and Affected Versions: Infinera MTC-9 versions R22.1.1.0275 through R22.1.1.0275 Description: The Remote Shell Service (RSH) in Infinera MTC-9 allows an attacker to gain system access. This is achieved by exploiting password-less user accounts and activating a reverse...
CVE-2025-59704
The CVE-2025-59704 entry affects Entrust nShield hardware: Connect XC, 5c, and HSMi up to specific versions (through 13.6.11 and 13.7). The issue is that the BIOS menu is unpassworded, enabling an attacker with physical access to reach BIOS controls. Sources from Red Hat and NVD corroborate the B...
EUVD-2025-199639
The Primakon Pi Portal 1.0.18 API endpoint /api/V2/ppudfvadmin fails to perform necessary server-side validation. The administrative LoginAs (user impersonation) feature is vulnerable to an access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH...
CVE-2025-34323
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
EUVD-2017-11788
Malware in sbrugna...
Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell
#!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...
CVE-2025-26344
CVE-2025-26344 describes a CWE-306 vulnerability in Q-Free MaxTime
PT-2024-31581 · Spectra · Ons-S8
Name of the Vulnerable Software and Affected Versions: ONS-S8 - Spectra Aggregation Switch affected versions not specified Description: The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a...
JumpServer Security Vulnerability
Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from a security vulnerability that stems from the fact that it is possible to authenticate to the core APIs using a username and SSH public key, without the need for a...
CVE-2023-28481
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...
PT-2023-21751 · Tigergraph · Tigergraph Enterprise
Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in Tigergraph Enterprise where there is unsecured write access to the SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public k...
TigerGraph Security Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community. Enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition version 3.x. The vulnerability stems from the presence of...
Design/Logic Flaw
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
CVE-2022-45857
An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...
PT-2023-14784 · Fortinet · Fortigate +1
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.4.6 and below Description: The issue is related to an incorrect user management vulnerability in the VDOM creation component. This may allow an attacker to access a FortiGate without a password via newly created VDOMs...
Fortinet FortiManager Security Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...
CVE-2022-2104
The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...