Lucene search
K

148 matches found

Vulnrichment
Vulnrichment
added 2026/02/27 6:7 p.m.5 views

CVE-2026-27751 SODOLA SL902-SWTGW124AS <= 200.1.20 Use of Default Credentials

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement t...

9.8CVSS6AI score0.00449EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22369

Name of the Vulnerable Software and Affected Versions SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 Description The device allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using hardcoded default credentials without...

9.8CVSS6AI score0.00449EPSS
Exploits0References10
NVD
NVD
added 2026/02/17 9:22 p.m.5 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.7 views

CVE-2025-47205

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS5.6AI score0.0041EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

FUXA 安全漏洞

FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.9 and earlier contain security vulnerabilities. These vulnerabilities stem from insecure default configurations, which may allow unverified remote attackers to gain administrator privileges and execut...

9.8CVSS6.1AI score0.00759EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6836

Name of the Vulnerable Software and Affected Versions 3DP-MANAGER versions 2.0.1 and prior Description 3DP-MANAGER, an inbound generator for 3x-ui, automatically creates an administrative account with default credentials admin/admin upon initial setup. An attacker with network access to the...

9.8CVSS5.4AI score0.00364EPSS
Exploits0References10
NVD
NVD
added 2026/01/30 5:16 a.m.7 views

CVE-2026-24728

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication...

9.3CVSS0.00413EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/30 3:48 a.m.6 views

CVE-2026-24728 Interinfo DreamMaker - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication...

9.3CVSS6AI score0.00413EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/30 3:48 a.m.29 views

CVE-2026-24728 Interinfo DreamMaker - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication...

9.3CVSS0.00413EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.31 views

PT-2026-4329

Name of the Vulnerable Software and Affected Versions HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.2.800 HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.3.300 Description A privilege escalation flaw exists in HPE Alletra 6000/5000 and Nimble Storage arrays. An...

9CVSS5.3AI score
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53596)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/03 3:7 p.m.10 views

CVE-2025-57705

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessin...

6.9CVSS6.9AI score0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-1087

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.2.7.3256 build 20250913 QuTS hero versions prior to 5.3.1.3250 build 20250912 Description An out-of-bounds read issue exists in QNAP operating systems. A remote...

6.9CVSS6.6AI score0.00286EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2025/12/31 6:31 p.m.268 views

Exploit for CVE-2025-68860

CVE-2025-68860 WordPress Mobile builder Plugin = 1.4.2 is...

9.8CVSS7.5AI score0.0048EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.5 views

Qnap QTS and QuTS hero Improper Limitation of a Pathname to a Restricted Directory (CVE-2024-37046)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the...

4.9CVSS5.5AI score0.00676EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.4 views

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50399)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

7.2CVSS5.5AI score0.00574EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.6 views

Qnap QTS and QuTS hero Use of Externally-Controlled Format String (CVE-2024-50403)

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

7.2CVSS5.5AI score0.00465EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/17 9:7 a.m.9 views

CVE-2021-4468

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

8.7CVSS6.9AI score0.0066EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 7:30 a.m.5 views

EUVD-2025-119991

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.4AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2025/11/04 5:16 p.m.6 views

CVE-2025-61945

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weathe...

10CVSS0.00751EPSS
Exploits0References2
Rows per page
Query Builder