Lucene search
K

1897 matches found

EUVD
EUVD
added 2026/05/07 6:30 p.m.15 views

EUVD-2026-28399

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...

9.8CVSS5.8AI score0.00531EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/07 4:10 p.m.10 views

CVE-2026-7414 Hardcoded credentials in Yarbo robot firmware

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...

9.8CVSS5.8AI score0.00531EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/06 12:0 a.m.12 views

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets the...

9.8CVSS5.8AI score0.00339EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/05 9:31 a.m.9 views

EUVD-2026-27235

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 7:16 a.m.14 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS0.00242EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 6:22 a.m.5 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-36984

Name of the Vulnerable Software and Affected Versions PaperCut Hive Ricoh embedded application affected versions not specified Description An issue exists where the application records administrative credentials in plain text within log files when the "Deep Logging" diagnostic mode is enabled. An...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/30 1:18 p.m.5 views

CVE-2026-7163 Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure

A vulnerability in the assisted-service REST API, an optional Assisted Installer assisted-service component in the Multicluster Engine MCE, allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub...

6.1CVSS5.7AI score0.00165EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/30 1:18 p.m.4 views

CVE-2026-7163

A vulnerability in the assisted-service REST API, an optional Assisted Installer assisted-service component in the Multicluster Engine MCE, allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub...

6.1CVSS5.7AI score0.00165EPSS
Exploits0References9
CVE
CVE
added 2026/04/27 3:10 p.m.15 views

CVE-2026-41464

ProjeQtor versions 7.0–12.4.3 expose a missing authorization vulnerability in objectDetail.php. Authenticated users with guest-level privileges can access data belonging to other users (including password hashes and API keys) by directly hitting the endpoint without ownership or RBAC validation, ...

7.1CVSS5.3AI score0.00304EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/23 11:22 p.m.89 views

Exploit for OS Command Injection in Zyxel Vmg8623-T50B_Firmware

CVE-2026-1459-POC POC for the CVE-2026-1459 which payload c...

7.2CVSS5.8AI score0.00902EPSS
Exploits1
EUVD
EUVD
added 2026/04/23 12:31 a.m.9 views

EUVD-2026-25133

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS5.5AI score0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 7:12 p.m.7 views

CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API

mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...

7.2CVSS5.9AI score0.09874EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/21 7:3 a.m.23 views

Improper Access Control

github.com/redhatinsights/runtimes-inventory-operator is vulnerable to improper access control. The vulnerability is due to a misconfigured internal proxy that attaches administrative credentials to all commands, which allows a standard user to send unauthorized commands and gain full cluster...

8.7CVSS7.3AI score0.00215EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.6 views

Quantum Networks router 安全漏洞

The Quantum Networks router is a network routing device developed by the Indian company Quantum Networks. The Quantum Networks router has a security vulnerability. This vulnerability stems from the lack of rate-limiting mechanisms and CAPTCHA protection in the web-based management interface. As a...

8.8CVSS5.8AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/15 6:31 p.m.6 views

EUVD-2026-22963

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9CVSS6AI score0.09213EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 5:17 p.m.3 views

CVE-2026-20078

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS0.00388EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 4:3 p.m.2 views

CVE-2026-20186 Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.2AI score0.06315EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 4:3 p.m.21 views

CVE-2026-20148

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by a path traversal vulnerability due to improper input validation. An authenticated attacker with administrative credentials can issue a crafted HTTP request to read arbitrary files on the underlying OS. Exploitation details indicate ...

4.9CVSS6AI score0.09213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 4:3 p.m.16 views

CVE-2026-20148 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9CVSS0.09213EPSS
Exploits0References1
Rows per page
Query Builder