539 matches found

CVE
added 2026/05/11 3:3 p.m. | 6 views

CVE-2026-42609

Grav CVE-2026-42609 describes a business-logic flaw in the Grav Admin Panel where a low-privileged user with admin user-creation permissions can overwrite a higher-privilege account by creating a new user with an existing username. The system incorrectly updates the existing account’s metadata an...

8.1 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/05/05 8:14 p.m. | 4 views

RustFS: ListServiceAccount authorizes against wrong admin action, enabling cross-user enumeration and root service account takeover

Summary: ListServiceAccount (GET /rustfs/admin/v3/list-service-accounts?user=) authorizes cross-user requests against UpdateServiceAccountAdminAction instead of ListServiceAccountsAdminAction at rustfs/src/admin/handlers/serviceaccount.rs:936. The handler accepts the wrong admin action and rejects t...

5.8 AI score
Exploits: 0 | References: 2 | Affected Software: 1
CISA KEV Catalog
added 2026/02/25 12:0 a.m. | 10 views

Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system...

10 CVSS | 5.8 AI score | 0.54797 EPSS
In wild | Exploits: 9
NVD
added 2026/02/03 10:16 p.m. | 2 views

CVE-2020-37092

Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...

9.3 CVSS | 0.00059 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/03 10:1 p.m. | 1 views

CVE-2020-37092 Netis E1+ 1.2.32533 - Backdoor Account (root)

Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...

9.3 CVSS | 5.4 AI score | 0.00059 EPSS
Exploits: 0 | References: 3
CVE
added 2026/02/03 10:1 p.m. | 6 views

CVE-2020-37092

CVE-2020-37092 affects Netis E1+ devices with firmware 1.2.32533, where a hardcoded root account allows unauthenticated attackers to gain full administrative access via a predefined crackable password. This vulnerability enables remote compromise with network access and is supported by multiple s...

9.3 CVSS | 5.4 AI score | 0.00059 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/03 10:1 p.m. | 1 views

CVE-2020-37092

Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...

9.3 CVSS | 5.4 AI score | 0.00059 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/02/03 12:0 a.m. | 2 views

Netis E1+ Trust Management Issue Vulnerability

Netis E1+ is a wireless signal amplifier developed by the Chinese company Netis. Version 1.2.32533 of Netis E1+ contains a vulnerability related to trust management. This vulnerability stems from the presence of a hardcoded root account, allowing attackers to access devices using predefined...

9.3 CVSS | 7.3 AI score | 0.00059 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/03 12:0 a.m. | 1 views

PT-2026-5842

Name of the Vulnerable Software and Affected Versions: Netis E1+ version 1.2.32533. Description: The Netis E1+ device version 1.2.32533 has a hardcoded root account that allows unauthenticated attackers to access the device using predefined credentials. Attackers can exploit the embedded root accoun...

9.3 CVSS | 5.4 AI score | 0.00059 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/09 12:8 p.m. | 2 views

CVE-2018-18754

ZyXEL VMG3312-B10B 1.00AAPP.7 devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file...

9.8 CVSS | 7.2 AI score | 0.0029 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 11:11 a.m. | 4 views

CVE-2016-10305

Trango Apex = 2.1.1, ApexLynx 2.0, ApexOrion 2.0, ApexPlus = 3.2.0, Giga = 2.6.1, GigaLynx 2.0, GigaOrion 2.0, GigaPlus = 3.2.3, GigaPro = 1.4.1, StrataLink 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software...

10 CVSS | 6.9 AI score | 0.00369 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:31 a.m. | 3 views

CVE-2017-18449

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...

5.5 CVSS | 7 AI score | 0.00043 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:55 a.m. | 7 views

CVE-2020-12713

An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root...

9 CVSS | 7.2 AI score | 0.01981 EPSS
Exploits: 3 | References: 1
RedhatCVE
added 2026/01/07 9:43 a.m. | 3 views

CVE-1999-0421

During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password...

7.2 CVSS | 7 AI score | 0.00346 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/11/19 3:31 p.m. | 1 views

EUVD-2025-198160

Legacy Vivotek Device firmware uses default credentials for the root and user login accounts...

10 CVSS | 6.5 AI score | 0.00058 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/11/19 12:0 a.m. | 1 views

Vivotek Camera Security Vulnerability

Vivotek Camera is a webcam from China's VIVOTEK Communications (Vivotek). A security vulnerability exists in Vivotek Camera that stems from the firmware using default credentials to log into the root and user accounts...

10 CVSS | 9.1 AI score | 0.00058 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/10/23 4:1 p.m. | 1 views

Access Control Bypass

Overview: @kottster/cli is a CLI for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by repeatedly triggering...

9.2 CVSS | 7.5 AI score | 0.00906 EPSS
Exploits: 0 | References: 2
OSV
added 2025/10/23 4:1 p.m. | 4 views

GHSA-J3W7-9QC3-G96P Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact: Development mode only. Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

9.2 CVSS | 8.6 AI score | 0.00906 EPSS
Exploits: 0 | References: 4
Snyk
added 2025/10/23 4:1 p.m. | 1 views

Access Control Bypass

Overview: @kottster/common provides common types and utilities for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...

9.2 CVSS | 7.6 AI score | 0.00906 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/16 6:30 p.m. | 2 views

EUVD-2025-34787

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

6.5 CVSS | 6.7 AI score | 0.00037 EPSS
Exploits: 0 | References: 2