13 matches found
CVE-2026-9139
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
CVE-2026-42072
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key are plumbed through to the HTTP server correctly but never reach the Bo...
CVE-2026-31850
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...
PT-2025-47959
Name of the Vulnerable Software and Affected Versions: Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware versions prior to 1.3.4. Description: The NVMS-9000 firmware contains a flaw that allows unauthorized remote access. An attacker can send a specially crafted TCP payload to the NVMS-90...
PT-2025-33281
KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and...
CVE-2025-43983
CVE-2025-43983 affects KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices. The vulnerability set involves unauthenticated access to goform/goform_set_cmd_process and goform/goform_get_cmd_process, enabling an attacker to retrieve sensitive information (including the admin username/password), modify cri...
DEBIAN-CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
CVE-2023-39171
SENEC Storage Box V1, V2 and V3 accidentally expose a management UI accessible with publicly known admin credentials...
CVE-2020-14501
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also...
CVE-2019-17600
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled...
CVE-2018-18008
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials...
WordPress FTP/SSH Forms Function Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress FTP/SSH forms feature. The vulnerability can be used to...
boastMachine <=3.1 SQL Injection Vulnerability
boastMachine <=3.1 SQL Injection Vulnerability. Virangar Security Team www.virangar.org www.virangar.net. Discovered by: virangar security teamhadihadi. Special tnx to: MR.nosrati, black.shadowes, MR.hesy, Zahra & all virangar members & all hackerz. Greetz: to my best friend in the...