1889 matches found
CVE-2026-40619
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...
CVE-2026-40619
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...
CVE-2026-40619
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...
CVE-2026-40619
CVE-2026-40619 affects Genetec Security Center main server installations. The issue could allow an attacker with local OS privileges on the main server to access the Server Admin credentials . It is tied to specific installation package builds, not just the product version, with vulnerable and re...
EUVD-2026-33946
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...
PT-2026-45778
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
CVE-2019-9053 — Unauthenticated SQL Injection in CMS Made Simp...
Apache ActiveMQ RCE via Jolokia addNetworkConnector
Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...
CVE-2026-7786
The CVE-2026-7786 affects Jinan USR IOT’s USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter. The firmware image contains plaintext administrative credentials that can be extracted via firmware analysis and used to authenticate to device services, enabling administrator access. Reported CVSS v3.1 sco...
CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials
Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...
CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials
Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...
CVE-2026-5386 KMW CCTV Security Cameras Unverified Password Change
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...
CVE-2018-25385
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
EUVD-2018-21918
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...
EUVD-2018-21907
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25385
CVE-2018-25385 affects E-Registrasi Pencak Silat 18.10. The flaw is an SQL injection in the id_partai parameter of monitor_nilai.php, exploitable via unauthenticated GET requests with crafted payloads. attackers can extract sensitive data including admin credentials and user data. Root cause: imp...
PT-2026-44863
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id partai parameter. Attackers can send GET requests to monitor nilai.php with crafted SQL payloads in the id part...