CVE-2026-32842 Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext

Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...

Exploit for CVE-2025-1242

ICSA-26-055-03 — Gardyn Home Kit IoT Vulnerabilities CISA ICS...

CVE-2022-31269

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...

PT-2025-54420

Name of the Vulnerable Software and Affected Versions NuCom 11N Wireless Router version 5.07.90 Description A flaw exists that allows users without administrative privileges to gain access to administrative credentials. This is achieved by sending a specially crafted HTTP GET request to the...

CVE-2025-11393

The CVE-2025-11393 entry concerns a misconfigured internal proxy in runtimes-inventory-rhel8-operator. The root cause is an internal proxy component that attaches the cluster’s main administrative credentials to any command, enabling a standard user to issue unauthorized commands with full cluste...

EUVD-2025-203395

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

CVE-2025-11393 Insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator: improper proxy configuration allows unauthorized administrative commands

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

PT-2025-51254

Name of the Vulnerable Software and Affected Versions runtimes-inventory-rhel8-operator affected versions not specified Description A configuration issue exists in an internal proxy component of runtimes-inventory-rhel8-operator. The proxy incorrectly attaches the cluster’s administrative...

CVE-2024-14007 TVT NVMS-9000 < 1.3.4 Unauthenticated Administrative Queries & Information Disclosure

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products versions prior to 1.3.4 contain an authentication bypass in the NVMS-9000 control protocol. By sending a single crafted TCP payload to an exposed NVMS-9000 control port, an unauthenticated...

EUVD-2007-3514

Malware in sbrugna...

EUVD-2021-26862

Malware in sbrugna...

EUVD-2018-8471

Malware in sbrugna...

EUVD-2018-10793

Malware in sbrugna...

EUVD-2018-9746

Malware in sbrugna...

EUVD-2022-38919

Malicious code in bioql PyPI...

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...

Ricoh Printer Driver Packager NX 数据伪造问题漏洞

Ricoh Printer Driver Packager NX is a tool for IT managers at Ricoh Japan to customize and package printer drivers. A security vulnerability exists in Ricoh Printer Driver Packager NX versions v1.0.02 through v1.1.25, which originated when administrator privileges are required for the installatio...

CVE-2022-20860

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus...

Unspecified Vulnerability in NETGEAR RAX40

The NETGEAR RAX40 is a wireless router from NETGEAR. A security vulnerability exists in the NETGEAR RAX40 prior to version 1.0.3.64, which can be exploited by an attacker to obtain administrative credentials...

PT-2018-5364 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A clear text transmission of password issue exists in the web server and telnet functionality. An attacker can intercept network traffic to obtain the admin password for the device, and the...