Lucene search
K

1894 matches found

Cvelist
Cvelist
added 2026/05/29 2:46 p.m.33 views

CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.10 views

EUVD-2018-21907

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44863

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id partai parameter. Attackers can send GET requests to monitor nilai.php with crafted SQL payloads in the id part...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 3:45 p.m.29 views

CVE-2026-8697

CVE-2026-8697 affects TP-Link Archer C64 v1, where the debug SSH service imposes no authentication rate-limiting. This allows an attacker with adjacent network access to brute-force administrative credentials via SSH and gain full admin control, with impact to confidentiality, integrity, and avai...

8.8CVSS5.8AI score0.0051EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 3:45 p.m.13 views

CVE-2026-8697 Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 3:45 p.m.35 views

CVE-2026-8697 Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS0.0051EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:45 p.m.9 views

CVE-2026-8697

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

WordPress plugin Frontend Admin by DynamiApps 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References14
Snyk
Snyk
added 2026/05/27 9:32 p.m.7 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/user-collection/create-first-user endpoint, which remains publicly accessible after initial setup. An attacker can obtain bcrypt password hashes of all administrator accounts and...

8.7CVSS5.8AI score0.00298EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.12 views

EUVD-2026-32277

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

9.3CVSS5.8AI score0.00662EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:16 p.m.11 views

CVE-2026-35089

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS0.00589EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:42 p.m.16 views

CVE-2026-35089

Slican telephone exchanges expose admin credentials because the secure key is generated predictably from exchange properties without authentication. CVE-2026-35089 (and CVE-2026-35087) describe an unauthenticated path to deduce the secure key and gain admin access. Remediations (per affected entr...

8.7CVSS5.8AI score0.00589EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 12:42 p.m.10 views

CVE-2026-35089 Use of Weak Credentials in Slican telephone exchanges

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS5.8AI score0.00589EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 12:42 p.m.41 views

CVE-2026-35089 Use of Weak Credentials in Slican telephone exchanges

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS0.00589EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:45 a.m.7 views

CVE-2026-9627

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

9CVSS7.6AI score0.00497EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Netis AC1200 安全漏洞

The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the CGI endpoint/cgi-bin/skkget.cgi function, which can return the entire router...

7.3CVSS5.8AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43472

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

9CVSS6AI score0.00497EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-43706

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

5.8AI score0.00358EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:0 a.m.15 views

CVE-2026-36539

The affected product is Netis AC1200 Router NC21 (firmware version referenced: V4.0.1.4296). The issue is an unauthenticated CGI endpoint at /cgi-bin/skk_get.cgi that returns the entire router configuration as JSON, exposing administrator credentials, Wi‑Fi and PPPoE credentials, DDNS credentials...

7.3CVSS5.8AI score0.00358EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43700

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

8.7CVSS5.8AI score0.00589EPSS
Exploits0References2
Rows per page
Query Builder