
53 matches found

NVD
added last week, 8 views

CVE-2026-32315

motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--), making it readable by any local user on the system. This file contains...

CVSS 5.5, EPSS 0.02902
Exploits: 0, References: 2

Cvelist
added 2026/06/24 8:45 p.m., 16 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--), making it readable by any local user on the system. This file contains...

CVSS 5.5, EPSS 0.02902
Exploits: 0, References: 2

CVE
added 2026/06/24 8:45 p.m., 8 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

CVSS 5.5, AI score 5.8, EPSS 0.02902
Exploits: 0, References: 2

Github Security Blog
added 2026/06/22 5:11 p.m., 7 views

motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

CVSS 7.2, AI score 5.8, EPSS 0.2442
Exploits: 16, References: 2, Affected Software: 1

Positive Technologies
added 2026/06/22 12:0 a.m., 17 views

PT-2026-51431

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...

CVSS 5.5, AI score 5.7, EPSS 0.02902
Exploits: 0, References: 8

RedhatCVE
added 2026/06/05 7:37 p.m., 14 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 6, AI score 5.4, EPSS 0.0024
Exploits: 0, References: 1

Github Security Blog
added 2026/05/05 9:26 p.m., 11 views

Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass

Summary Information disclosure exists in Grav CMS v1.8.0-beta.29. Despite previous security patches notably in v1.8.0-beta.27/28 aimed at restricting sensitive object access within the Twig environment, the Accounts Service remains exposed. A low-privileged user EX: Content Editor with only...

CVSS 6.5, AI score 5.8, EPSS 0.0029
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/05/05 9:26 p.m., 7 views

GHSA-3F29-PQWF-V4J4 Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass

Summary Information disclosure exists in Grav CMS v1.8.0-beta.29. Despite previous security patches notably in v1.8.0-beta.27/28 aimed at restricting sensitive object access within the Twig environment, the Accounts Service remains exposed. A low-privileged user EX: Content Editor with only...

CVSS 6.5, AI score 5.8, EPSS 0.0029
Exploits: 1, References: 4

Positive Technologies
added 2026/05/05 12:0 a.m., 13 views

PT-2026-37276

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A low-privileged user, such as a Content Editor with pages.update permissions, can bypass Twig sandbox restrictions by utilizing the grav'accounts' service. This allows an attacker to...

CVSS 6.5, AI score 5.8, EPSS 0.0029
Exploits: 1, References: 5

Cvelist
added 2026/04/27 2:54 a.m., 31 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 6, EPSS 0.0024
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/27 2:54 a.m., 5 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

CVSS 6, AI score 5.4, EPSS 0.0024
Exploits: 0, References: 2, Affected Software: 2

GithubExploit
added 2025/10/15 12:33 p.m., 333 views

Exploit for SQL Injection in Getperfectsurvey Perfect_Survey

exploitcve-2021-24762 This repo shows an exploit to CVE-2021-...

CVSS 9.8, AI score 8, EPSS 0.86896
Exploits: 7

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-14354

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.01728
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2007-5007

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.02527
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2007-1189

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.02456
Exploits: 1, References: 5

CVE
added 2025/09/09 7:56 p.m., 22 views

CVE-2025-58760

CVE-2025-58760 affects Tautulli up to version 2.15.3. The vulnerability is a path traversal in the unauthenticated /image endpoint, which serves static images from the app data directory and can be exploited to read arbitrary files on the server. Impacted files include tautulli.db (JWT tokens) an...

CVSS 8.6, AI score 6.7, EPSS 0.00602
Exploits: 1, References: 2, Affected Software: 1

RedhatCVE
added 2025/05/22 6:53 p.m., 6 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS 8.8, AI score 7.8, EPSS 0.01775
Exploits: 1

Positive Technologies
added 2023/01/26 12:0 a.m., 8 views

PT-2023-19076 · Pi-Hole · Pi-Hole

Name of the Vulnerable Software and Affected Versions: Pi-hole versions 4.0 through 5.18.2 Description: The issue concerns the improper use of the admin WEBPASSWORD hash as a "Remember me for 7 days" cookie value in Pi-hole's Web interface. This allows an attacker to "pass the hash" and login or...

CVSS 8.8, AI score 8.5, EPSS 0.0097
Exploits: 1, References: 4

OSV
added 2022/11/15 2:15 a.m., 7 views

CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file which contains the MD5 password of...

CVSS 4.9, AI score 5.8, EPSS 0.28802
Exploits: 1, References: 1

NVD
added 2022/01/14 8:15 p.m., 11 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS 8.8, EPSS 0.01775
Exploits: 1, References: 3