CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

400 matches found

OSV•added 2025/08/17 3:15 a.m.•2 views

CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...

7.8CVSS4.7AI score

Exploits0References7

NVD•added 2025/08/17 3:15 a.m.•4 views

CVE-2025-9091

7.8CVSS0.00026EPSS

Exploits1References7

Cvelist•added 2025/08/17 2:32 a.m.•9 views

CVE-2025-9091 Tenda AC20 shadow hard-coded credentials

2.5CVSS0.00026EPSS

Exploits1References6

Vulnrichment•added 2025/08/17 2:32 a.m.•4 views

CVE-2025-9091 Tenda AC20 shadow hard-coded credentials

2.5CVSS6.9AI score0.00026EPSS

Exploits1References6

CVE•added 2025/08/17 2:32 a.m.•21 views

CVE-2025-9091

Summary: CVE-2025-9091 affects Tenda AC20, specifically the file /etc_ro/shadow. The root cause is hard-coded credentials in that file, enabling a local attack with high impact on confidentiality, integrity, and availability. Exploitation requires local access and is described as difficult, with ...

7.8CVSS3.7AI score0.00026EPSS

Exploits1References7Affected Software1

CNNVD•added 2025/08/17 12:0 a.m.•4 views

Tenda AC20 安全漏洞

Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a hard-coded credentials vulnerability that originates from the presence of hard-coded credentials in the file /etcro/shadow. An attacker can exploit the vulnerability to cause confidentiality to be compromised...

7.8CVSS6.9AI score0.00026EPSS

Exploits1References8

GithubExploit•added 2025/08/16 11:54 a.m.•119 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 Below v0.9.0 PoC Privilege Escalation Expl...

6.8CVSS8.7AI score0.00132EPSS

Exploits22

Positive Technologies•added 2025/08/16 12:0 a.m.•4 views

PT-2025-33608 · Tenda · Tenda Ac20

Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.12 Description: A security flaw has been discovered in Tenda AC20. The vulnerability affects an unknown functionality of the file /etc ro/shadow. Manipulation of this file leads to the disclosure of hard-coded...

7.8CVSS3.3AI score0.00026EPSS

Exploits1References13

Tenable Nessus•added 2025/08/11 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-4598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the...

4.7CVSS6.3AI score0.00112EPSS

Exploits1References2

OSV•added 2025/07/14 3:15 a.m.•2 views

CVE-2025-7564

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

8.5CVSS5.2AI score0.00083EPSS

Exploits1References5

CNNVD•added 2025/07/14 12:0 a.m.•1 views

LB-LINK BL-AC3600 安全漏洞

LB-LINK BL-AC3600 is a dual-band Gigabit wireless router from China Bilink LB-LINK that supports 2.4GHz and 5GHz bands for home and small office networks. A security vulnerability exists in LB-LINK BL-AC3600 version 1.0.22, which originates from hard-coded credentials in the file /etc/shadow...

8.5CVSS7.7AI score0.00083EPSS

Exploits1References5

CNNVD•added 2025/07/09 12:0 a.m.•2 views

FNKvision FNK-GU2 加密问题漏洞

FNKvision FNK-GU2 is a camera from FNKvision Thailand. An encryption issue vulnerability exists in FNKvision FNK-GU2 version 40.1.7 and earlier, which stems from the use of risky encryption algorithms in the /etc/shadow file...

1.6CVSS4.3AI score0.00041EPSS

Exploits0References4

OSV•added 2025/07/04 2:43 p.m.•2 views

OESA-2025-1739 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged...

4.7CVSS6.2AI score0.00112EPSS

Exploits1References2

Packet Storm News•added 2025/06/26 12:0 a.m.•1 views

The Discovery, Disclosure, and Investigation of CVE-2024-25825

CVE-2024-25825 is a vulnerability found in FydeOS. This thesis describes its discovery, disclosure, and its further investigation in connection to a nation state actor. The vulnerability is CWE-1392: Use of Default Credentials, CWE-1393: Use of Default Password, and CWE-258: Empty Password in...

9.8CVSS7AI score0.00342EPSS

Exploits0

SUSE CVE•added 2025/06/03 2:45 a.m.•0 views

SUSE CVE-2025-4598

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...

4.7CVSS6.3AI score0.00112EPSS

Exploits1References16

OSV•added 2025/05/30 2:15 p.m.•3 views

AZL-64292 CVE-2025-4598 affecting package systemd for versions less than 250.3-23

4.7CVSS7AI score0.00112EPSS

Exploits1References1