CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/25 10:16 a.m.•12 views

CVE-2026-9274

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2CVSS0.00012EPSS

CNNVD•added 2026/05/25 12:0 a.m.•4 views

CP Plus Wi-Fi Camera 安全漏洞

CP Plus Wi-Fi Camera is a wireless security camera from CP Plus. A security vulnerability exists in the CP Plus Wi-Fi Camera that stems from improper protection of sensitive information in runtime memory, which could allow an attacker with physical access to obtain sensitive information including...

5.2CVSS5.8AI score0.00012EPSS

CVE•added 2026/04/13 9:28 p.m.•5 views

CVE-2026-22566

CVE-2026-22566 describes an improper access control vulnerability in UniFi Play components. Affected: UniFi Play PowerAmp (<= 1.0.35) and UniFi Play Audio Port (

7.5CVSS5.8AI score0.00016EPSS

Positive Technologies•added 2026/04/13 12:0 a.m.•0 views

PT-2026-32537

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

7.5CVSS5.8AI score0.00016EPSS

Cvelist•added 2026/03/30 12:0 a.m.•18 views

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

0.00829EPSS

Exploits3References2

CVE•added 2026/02/03 10:1 p.m.•7 views

CVE-2020-37093

Netis E1+ 1.2.32533 is affected by an information-disclosure vulnerability exposed via the netcore_get.cgi endpoint. An unauthenticated attacker can issue a GET request to netcore_get.cgi and retrieve sensitive wireless credentials, including SSID and WiFi passwords, in plain text. The issue is s...

8.7CVSS5.4AI score0.00058EPSS

RedhatCVE•added 2026/01/09 10:46 a.m.•1 views

CVE-2022-0184

Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode...

4.3CVSS6.8AI score0.00071EPSS

NVD•added 2025/12/17 5:15 p.m.•5 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

6.6CVSS0.00006EPSS

Vulnrichment•added 2025/12/17 12:0 a.m.•1 views

CVE-2025-65855

7.4AI score0.00006EPSS

RedhatCVE•added 2025/12/11 5:3 a.m.•2 views

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

4.6CVSS6.2AI score0.00018EPSS

EUVD•added 2025/12/10 9:31 p.m.•1 views

EUVD-2025-202623

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...

6.1AI score0.00071EPSS

EUVD•added 2025/12/10 9:31 p.m.•1 views

EUVD-2025-202619

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor. Additionally, if an attacker were locate...

6.1AI score0.00045EPSS

OSV•added 2025/12/10 9:16 p.m.•0 views

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and...

4.6CVSS5.8AI score

NVD•added 2025/12/10 9:16 p.m.•3 views

CVE-2025-65823

9.8CVSS0.00071EPSS

CNNVD•added 2025/12/10 12:0 a.m.•2 views

Meatmeet Pro BBQ Thermometer 安全漏洞

Meatmeet Pro BBQ Thermometer is an advanced smart thermometer from Meatmeet. A security vulnerability exists in the Meatmeet Pro BBQ Thermometer version v1.0.34.4, which stems from the inclusion of hard-coded Wi-Fi credentials in the firmware, which could lead to unauthorized network access...

9.8CVSS6.7AI score0.00071EPSS

CVE•added 2025/12/10 12:0 a.m.•9 views

CVE-2025-65825

The CVE-2025-65825 entry affects Meatmeet basestation firmware where the firmware image is not encrypted. The root cause is unencrypted firmware dumping via UART after physical access, enabling an attacker to extract the firmware and access credentials stored in the NVS partition for current and ...

4.6CVSS6.2AI score0.00014EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/10/22 12:0 a.m.•4 views

PT-2025-43061

Name of the Vulnerable Software and Affected Versions Ghost Robotics Vision 60 version 0.27.2 Description The Ghost Robotics Vision 60 APK version 0.27.2 contains exposed encrypted WiFi and SSH credentials. An attacker can connect to the robot’s WiFi network and access all its data, as the system...

8.8CVSS6.4AI score0.00026EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-10165

Malware in sbrugna...

5.3CVSS5.7AI score0.00182EPSS