1734 matches found

Positive Technologies
added 2025/09/05 12:0 a.m. | 2 views

PT-2025-36321

Name of the Vulnerable Software and Affected Versions: PTZOptics and ValueHD-based pan-tilt-zoom cameras (affected versions not specified)
Description: PTZOptics and ValueHD-based pan-tilt-zoom cameras utilize default, shared credentials for the administrative web interface. This allows unauthorize...

CVSS 9.8 | AI score 6.2 | EPSS 0.00219
Exploits: 1 | References: 9

CNNVD
added 2025/09/04 12:0 a.m. | 3 views

appRain CMF Cross-Site Scripting Vulnerability

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user-supplied input on the /appain/admin/filemanager endpoint, which can be exploited by an attacker to steal a victim's cookie-based authentication credentials...

CVSS 5.4 | AI score 6.2 | EPSS 0.0004
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/02 2:44 p.m. | 3 views

CVE-2025-9731

A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity...

CVSS 7 | AI score 6.2 | EPSS 0.00023
Exploits: 0 | References: 1

CVE
added 2025/09/02 12:32 a.m. | 18 views

CVE-2025-9806

The CVE-2025-9806 entry concerns Tenda F1202 devices (firmware versions 1.2.0.9–1.2.0.20) with an issue in the Administrative Interface’s /etc_ro/shadow function. Manipulating the input Fireitup locally can cause hard-coded credentials to be exposed. Exploitation requires local access and a high ...

CVSS 6.4 | AI score 4.4 | EPSS 0.00018
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2025/09/02 12:0 a.m. | 2 views

CVE-2025-55472

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...

AI score 7.5 | EPSS 0.00067
Exploits: 1 | References: 3

OSV
added 2025/09/01 12:15 p.m. | 3 views

CVE-2025-9778

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

CVSS 7 | AI score 4.6 | EPSS 0.00018
Exploits: 0 | References: 6

Vulnrichment
added 2025/09/01 12:2 p.m. | 4 views

CVE-2025-9778 Tenda W12 Administrative shadow hard-coded credentials

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

CVSS 1.9 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 6

RedhatCVE
added 2025/08/31 12:4 a.m. | 4 views

CVE-2025-9577

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...

CVSS 7 | AI score 6.7 | EPSS 0.0003
Exploits: 1 | References: 1

Positive Technologies
added 2025/08/31 12:0 a.m. | 4 views

PT-2025-35412

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19
Description: A vulnerability exists in Tenda AC9 version 15.03.05.19 related to hard-coded credentials within the Administrative Interface component. The vulnerability resides in an unknown function of the /etc...

CVSS 7 | AI score 3.7 | EPSS 0.00023
Exploits: 0 | References: 8

RedhatCVE
added 2025/08/30 6:17 p.m. | 3 views

CVE-2025-57819

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issu...

CVSS 10 | AI score 7.9 | EPSS 0.76952
Exploits: 14 | References: 1

OSV
added 2025/08/28 7:15 p.m. | 1 views

CVE-2025-9577

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this...

CVSS 7 | AI score 5.1 | EPSS 0.0003
Exploits: 1 | References: 6

Positive Technologies
added 2025/08/28 12:0 a.m. | 1 views

PT-2025-35125

Name of the Vulnerable Software and Affected Versions: seeedstudio ReSpeaker LinkIt7688 (affected versions not specified)
Description: A vulnerability exists in seeedstudio ReSpeaker LinkIt7688, impacting an unknown function within the Administrative Interface component’s /etc/shadow file. This...

CVSS 7 | AI score 3.8 | EPSS 0.0003
Exploits: 1 | References: 8

Positive Technologies
added 2025/08/28 12:0 a.m. | 3 views

PT-2025-35127

Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R versions through 2.0.0
Description: A security flaw has been discovered that allows for the use of default credentials. The affected element is an unknown function within the /etc/shadow.sample file of the Administrative Interfa...

CVSS 7 | AI score 3.9 | EPSS 0.0003
Exploits: 1 | References: 10

NVD
added 2025/08/25 2:15 p.m. | 3 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

CVSS 7.5 | EPSS 0.00092
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/25 12:0 a.m. | 2 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

AI score 6.7 | EPSS 0.00092
Exploits: 0 | References: 2

OSV
added 2025/08/20 5:15 p.m. | 3 views

CVE-2025-50904

There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...

CVSS 9.8 | AI score 5.8 | EPSS 0.00127
Exploits: 1 | References: 1

Vulnrichment
added 2025/08/20 12:0 a.m. | 3 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

AI score 7.9 | EPSS 0.03653
Exploits: 1 | References: 2

Cvelist
added 2025/08/20 12:0 a.m. | 8 views

CVE-2025-51991

XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is...

EPSS 0.03653
Exploits: 1 | References: 2

Github Security Blog
added 2025/08/19 10:24 p.m. | 5 views

Default Credentials in nginx-defender Configuration Files

Impact: This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files (config.yaml, docker-compose.yml) contain default credentials (defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123). If users deploy nginx-defender without changing these...

CVSS 6.5 | AI score 6.8 | EPSS 0.00068
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/08/19 7:15 p.m. | 0 views

CVE-2025-31988

HCL Digital Experience is susceptible to cross-site scripting (XSS) in an administrative UI with restricted access...

CVSS 4.8 | AI score 5.2 | EPSS 0.00046
Exploits: 0 | References: 1