Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 12:0 a.m.7 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8AI score0.24681EPSS
Exploits3References3
CVE
CVE
added 2026/05/06 12:0 a.m.24 views

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

7.5CVSS5.8AI score0.24681EPSS
Exploits3References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2659

Malicious code in bioql PyPI...

8.2CVSS8AI score0.00412EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/02/05 8:10 a.m.8 views

CVE-2024-29026

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit...

8.2CVSS6.4AI score0.00412EPSS
Exploits1References1
CVE
CVE
added 2024/07/01 9:33 p.m.54 views

CVE-2024-39314

The CVE-2024-39314 issue affects toy-blog versions 0.4.3 to before 0.5.0, where the administrative password was leaked via a command line parameter (root cause: command line exposure). A fix is available in version 0.5.0. As a workaround, versions 0.4.14 and later can pass the bearer token via st...

4.7CVSS5AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.8 views

PT-2024-28438 · Toy-Blog · Toy-Blog

Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.4.3 through 0.4.14 toy-blog versions prior to 0.4.14 Description: The administrative password is leaked through the command line parameter. This issue was patched in version 0.5.0. Recommendations: For versions 0.4.14 and...

4.7CVSS7.4AI score0.00174EPSS
Exploits0References4
OSV
OSV
added 2023/09/22 5:15 p.m.4 views

CVE-2023-41027

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint...

8.8CVSS5.8AI score0.00761EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/22 12:0 a.m.7 views

PT-2023-27747 · Juplink · Juplink Rx4-1500

Name of the Vulnerable Software and Affected Versions: Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 Description: The issue allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint "/webs/userpasswd.htm"...

8.8CVSS8.4AI score0.00761EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.6 views

Juplink RX4-1500 Security Vulnerability

The Juplink RX4-1500 is a wireless router from Juplink. A security vulnerability exists in the Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5, which originates from an information disclosure vulnerability in the /webs/userpasswd.htm endpoint. An attacker can exploit the...

8.8CVSS6.2AI score0.00761EPSS
Exploits0References2
OSV
OSV
added 2020/10/07 11:40 a.m.15 views

SUSE-SU-2020:2876-1 Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon

This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila,...

9.8CVSS8.8AI score0.09619EPSS
Exploits4References17
OSV
OSV
added 2020/05/07 6:15 p.m.5 views

CVE-2020-10973

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacke...

7.5CVSS7.2AI score0.07759EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/11/26 11:29 p.m.4 views

CVE-2018-13317

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm...

6.1CVSS5.5AI score0.00991EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2005/07/14 12:0 a.m.25 views

phpsftpd.txt

Author: Stefan Lochbihler Date: 11. Juli 2005 Affected Software: PHPsFTPd Software Version: 0.2 - 0.4 Software URL: http://phpsftpd.sourceforge.net/ Attack: Admin password leak about PHPsFTPd: PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/06/11 12:0 a.m.19 views

Edimax 7205APL

Vendor: Edimax Type: 7205APL Firmware: 2.40a-00 Kind of bug: Security Description: Normally a user called addmin, has to create a password on the Accesspoint. When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file. Opening the file in Notepad gave the...

0.3AI score
Exploits0
Rows per page
Query Builder