Lucene search
K

2735 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.2 views

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

7.1CVSS5.9AI score0.08943EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.4 views

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

5.9AI score0.08943EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29045

Name of the Vulnerable Software and Affected Versions ZTE ZXHN H188A versions V6.0.10P2 TE through V6.0.10P3N3 TE Description An issue exists that allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface. These credentials...

7.1CVSS5.8AI score0.08943EPSS
Exploits3References8
CVE
CVE
added 2026/03/30 12:0 a.m.71 views

CVE-2026-34472

CVE-2026-34472 affects ZTE ZXHN H188A routers with firmware versions V6.0.10P2_TE and V6.0.10P3N3_TE. An unauthenticated attacker on the local network can access the router’s web management wizard interface to disclose sensitive credentials (default administrator password, WLAN PSK, PPPoE credent...

7.1CVSS5.9AI score0.08943EPSS
Exploits3References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-30701

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

9.1CVSS5.9AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.6 views

CVE-2025-15552

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.7 views

CVE-2025-15553

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.5 views

CVE-2025-15587

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...

8.6CVSS5.7AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-23813

A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password...

9.8CVSS6.8AI score0.00736EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.5AI score0.00672EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-31846

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

7.1CVSS5.8AI score0.0025EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/25 9:41 a.m.11 views

SHARP routers missing authentication for some web APIs

Overview SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information. Missing authentication for critical function CWE-306 - CVE-2026-32326 Shota Zaizen reported this...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/25 9:31 a.m.16 views

EUVD-2026-15194

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS5.8AI score0.00278EPSS
Exploits0References3
NVD
NVD
added 2026/03/25 8:16 a.m.5 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/25 7:38 a.m.23 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS0.00278EPSS
Exploits0References2
CERT
CERT
added 2026/03/24 12:0 a.m.7 views

Hard coded credentials vulnerability in GoHarbor's Harbor

Overview GoHarbor's Harbor default admin password presents a security risk because it does not require change upon initial deployment. Description GoHarbor's Harbor is an open-source OCI-compliant container registry project that stores, signs, and manages container images. Harbor initializes with...

9.4CVSS6.5AI score0.00498EPSS
Exploits0References4
NVD
NVD
added 2026/03/23 3:16 p.m.9 views

CVE-2026-33478

WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without...

10CVSS0.13266EPSS
Exploits1References2
NVD
NVD
added 2026/03/23 2:16 p.m.5 views

CVE-2026-33297

WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...

9.1CVSS0.00342EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 2:1 p.m.1 views

CVE-2026-33478

WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The clones.json.php endpoint exposes clone secret keys without...

10CVSS6.4AI score0.13266EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder