CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/08 5:45 a.m.•20 views

CVE-2026-11493

CVE-2026-11493 affects Tenda AC15 firmware 15.03.05.19. The vulnerable element is an unknown function within the Samba component’s file /etc_ro/smb.conf. The description states that manipulating this element can cause weak password requirements, with the attack confined to the local network and a...

5CVSS5.1AI score0.00224EPSS

Exploits0References6

CNNVD•added 2026/06/08 12:0 a.m.•5 views

Tenda AC15 安全漏洞

The Tenda AC15 is a wireless router produced by the Chinese company Tenda. Version 15.03.05.19 of the Tenda AC15 contains a security vulnerability. This vulnerability stems from incorrect operations with the file /etcro/smb.conf in the Samba component, which may lead to weak password requirements...

5CVSS5.4AI score0.00224EPSS

RedhatCVE•added 2026/05/27 8:14 p.m.•14 views

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

NVD•added 2026/05/27 2:16 p.m.•8 views

CVE-2024-40684

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

9.8CVSS0.0036EPSS

CVE•added 2026/05/27 1:48 p.m.•7 views

CVE-2024-40684

CVE-2024-40684 affects IBM Operations Analytics – Log Analysis (versions 1.3.5.0–1.3.8.4). The root cause is weaknesses in backend authentication and session management that allow weak password policy enforcement by default, facilitating potential account compromise. Impact is described as a lack...

9.8CVSS5.8AI score0.0036EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/24 8:16 p.m.•13 views

CVE-2026-9394

3.1CVSS0.00225EPSS

ATTACKERKB•added 2026/05/24 7:30 p.m.•11 views

CVE-2026-9394

Exploits0References5Affected Software1

CVE•added 2026/05/24 7:30 p.m.•21 views

CVE-2026-9394

The CVE concerns Besen BS20 EV Charging Station, specifically a vulnerability in the Bluetooth Low Energy Handler that can be exploited by manipulating an unknown function to trigger weak password requirements. AFFECTED COMPONENT: Besen BS20 EV Charging Station; vulnerability type is related to B...

Positive Technologies•added 2026/05/24 12:0 a.m.•11 views

PT-2026-42964

CNNVD•added 2026/05/24 12:0 a.m.•8 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, contains security vulnerabilities. These vulnerabilities stem from improper operation ...

3.1CVSS5.8AI score0.00225EPSS

GithubExploit•added 2026/05/13 8:29 p.m.•112 views

Rcon-Bruteforce

RCON Scanner & Exploitation Toolkit ⚠️ EDUCATIONAL PURPOSE...

10CVSS7.9AI score0.99999EPSS

Exploits346

Positive Technologies•added 2026/05/01 12:0 a.m.•4 views

PT-2026-36301

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitatio...

6.3CVSS5.4AI score0.01097EPSS

Exploits1References6

EUVD•added 2026/04/24 12:31 a.m.•4 views

EUVD-2026-25317

OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...

6.3CVSS5.8AI score0.00328EPSS

NVD•added 2026/04/23 10:16 p.m.•4 views

CVE-2026-41333

6.3CVSS0.00328EPSS

Cvelist•added 2026/04/23 9:57 p.m.•26 views

CVE-2026-41333 OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken

6.3CVSS0.00328EPSS

Vulnrichment•added 2026/04/23 9:57 p.m.•1 views

CVE-2026-41333 OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken

6.3CVSS5.2AI score0.00328EPSS

CVE•added 2026/04/17 3:14 p.m.•21 views

CVE-2026-6284

CVE-2026-6284 affects Horner Automation PLC products (Cscape software and XL4/XL7 XL-series PLCs). Vulnerability stems from weak password requirements: limited password complexity and no input-rate limits enable network-auth brute-forcing to gain unauthorized access to systems and services. Attac...

9.3CVSS5.7AI score0.00449EPSS

Vulnrichment•added 2026/04/17 3:14 p.m.•4 views

CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...

9.3CVSS5.7AI score0.00449EPSS

RedhatCVE•added 2026/04/13 7:23 p.m.•1 views

CVE-2026-33771

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS5.7AI score0.00245EPSS