Lucene search
K

2736 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 1:12 p.m.9 views

CVE-2026-8980 Privilege Escalation

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.8AI score0.00331EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 1:12 p.m.40 views

CVE-2026-8980 Privilege Escalation

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS0.00331EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:12 p.m.8 views

CVE-2026-8980

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.8AI score0.00331EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 1:12 p.m.24 views

CVE-2026-8980

The CVE-2026-8980 entry concerns the Mennekes Amtron series with firmware versions ≤ 5.22.3. Affected component: firmware handling privilege levels. The vulnerability allows an authenticated low-privileged user to escalate privileges by issuing crafted POST requests to change passwords for admin ...

10CVSS5.8AI score0.00331EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the management API’s user password endpoint. As a result,...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:30 a.m.20 views

CVE-2026-9609

CVE-2026-9609 affects QianFox FoxCMS up to version 1.2.6, targeting the Admin.php Edit function. The vulnerability enables weak password recovery through manipulation of the admin password flow, with remote initiation. Public exploit code exists, and the issue was reported via an issue but not ye...

5.8CVSS5.5AI score0.00223EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.83 views

📄 ZTE ZXHN H298A / H108N Credential Disclosure

A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSERINFOIDPassword1, WLAN PSK WLANPSKKeyPassphrase1, and SSID in plaintext HTML. A second endpoint exposes the device serial number. -----BEGIN SECURITY...

7.5CVSS5.8AI score0.24681EPSS
Exploits3
Exploit DB
Exploit DB
added 2026/05/26 12:0 a.m.75 views

D-Link DSL2600U - 'rom-0' Admin Password Disclosure

Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmware Version: v1.08 from routersploit.libs.lzs.lzs import LZSDecompress import reques...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/22 8:48 p.m.20 views

CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS0.00398EPSS
Exploits0References11
CVE
CVE
added 2026/05/22 8:48 p.m.61 views

CVE-2026-3294

CVE-2026-3294 concerns an authentication logic vulnerability in multiple TP-Link range extenders. The issue allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation, enabling full administrative c...

8.8CVSS5.8AI score0.00398EPSS
Exploits0References11Affected Software1
EUVD
EUVD
added 2026/05/22 8:48 p.m.10 views

EUVD-2026-31502

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS5.8AI score0.00398EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/22 8:48 p.m.12 views

CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.7CVSS5.8AI score0.00398EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42832

Name of the Vulnerable Software and Affected Versions TP-Link range extenders affected versions not specified Description An authentication logic flaw allows an unauthenticated attacker on an adjacent network to reset the administrator password due to insufficient validation of a login parameter...

8.8CVSS5.8AI score0.00398EPSS
Exploits0References15
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: think-lmi: Fixed the ordering of password opcodes for workstations. Lenovo workstations require that the password opcode be executed before the attribute value is changed if the Admin password is enabled. This issue...

7.8CVSS5.8AI score0.00231EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/20 12:0 a.m.97 views

📄 ZTE ZXHN H298A 1.1 / H108N 2.6 Unauthenticated Credential Disclosure

ZTE ZXHN H298A 1.1 and H108N 2.6 suffer from an unauthenticated credential exposure vulnerability via the ETHCheat parameter in getpage.lua. Title: ZTE ZXHN H298A 1.1 / H108N 2.6 - Unauthenticated Credential Exposure ETHCheat Parameter Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE...

7.5CVSS5.8AI score0.24681EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-44382

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.3 Description An Insecure Direct Object Reference IDOR exists in the Admin API, which allows authenticated administrators to change the password of any user account, including SuperAdmin accounts, without proper...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40813

Name of the Vulnerable Software and Affected Versions CubeCart versions 6.6.x through 6.7.1 Description CubeCart builds the CC STORE URL constant directly from the Host request header during bootstrap without using an allowlist. This constant is embedded into transactional email links, specifical...

8.1CVSS5.8AI score0.00147EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/11 10:16 a.m.105 views

Exploit for CVE-2026-8260

CVE-2026-8260 Overview A buffer overflow vulnerability af...

9CVSS7.6AI score0.00997EPSS
Exploits2
EUVD
EUVD
added 2026/05/11 3:31 a.m.16 views

EUVD-2026-29016

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnapservice of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotel...

9CVSS7.6AI score0.00997EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/05/11 1:15 a.m.12 views

CVE-2026-8260

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnapservice of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotel...

9CVSS7.6AI score0.00997EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder