CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2387 matches found

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS5.9AI score0.08991EPSS

Exploits1References3

Nuclei•added yesterday•18 views

Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

10CVSS7.9AI score0.54074EPSS

Exploits1References5

RedhatCVE•added 3 days ago•5 views

CVE-2026-39908

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS5.5AI score0.00075EPSS

Exploits0References1

NVD•added 4 days ago•3 views

CVE-2026-39908

7.1CVSS0.00075EPSS

Exploits0References2

CVE•added 4 days ago•9 views

CVE-2026-39908

OpenBullet2 ≤ v0.3.2 on Windows suffers a credential disclosure via a UNC-path proxy source. When a job loads proxies from an attacker-controlled UNC path, an SMB authentication occurs and reveals the NTLMv2 hash of the process user, enabling relay or offline cracking. Affected component is the p...

7.1CVSS5.6AI score0.00075EPSS

Exploits0References2

ATTACKERKB•added 4 days ago•4 views

CVE-2026-39908

7.1CVSS5.5AI score0.00075EPSS

Exploits0References3

Cvelist•added 4 days ago•29 views

CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

7.1CVSS0.00075EPSS

Exploits0References2

Nuclei•added 4 days ago•20 views

Crestron Device - Credentials Disclosure

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

10CVSS7.8AI score0.92106EPSS

Exploits5References5

RedhatCVE•added last week•6 views

CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

9.8CVSS6.5AI score0.00481EPSS

Exploits0References1

Vulnrichment•added 2026/06/04 5:13 p.m.•9 views

CVE-2026-25550 Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

9.8CVSS6.5AI score0.00481EPSS

Exploits0References2

ATTACKERKB•added 2026/06/04 5:13 p.m.•5 views

CVE-2026-25550

9.8CVSS6.5AI score0.00481EPSS

Exploits0References3

EUVD•added 2026/06/04 5:13 p.m.•9 views

EUVD-2026-34304

9.8CVSS6.5AI score0.00481EPSS

Exploits0References2

Packet Storm News•added 2026/06/04 12:0 a.m.•13 views

Credential Disclosure in (EU) Digital Identity Wallets: Privacy Risks and Practical Mitigations

The European Union will introduce the EUDI Wallet by late 2026, which allows users to hold digital credentials i.e., representations of physical official identity documents on their devices. This will allow users to securely and privately disclose identity attributes to websites. Although such a...

5.5AI score

Exploits0

Vulnrichment•added 2026/06/02 11:13 a.m.•6 views

CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

6.5CVSS5.8AI score0.00035EPSS

Exploits0References2

CVE•added 2026/06/02 11:13 a.m.•19 views

CVE-2026-8993

Technical details are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.8AI score0.00035EPSS

Exploits0References2

NVD•added 2026/05/29 4:16 p.m.•8 views

CVE-2018-25396

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

8.7CVSS0.00058EPSS

Exploits0References2

CVE•added 2026/05/29 2:46 p.m.•12 views

CVE-2018-25396

The affected product is Heatmiser Wifi Thermostat 1.7. The vulnerability is a credential disclosure on the networkSetup.htm page, allowing unauthenticated attackers to retrieve plaintext administrative credentials from HTML form fields to gain administrative access. The root cause described is ex...

8.7CVSS5.8AI score0.00058EPSS

Exploits0References2

EUVD•added 2026/05/29 2:46 p.m.•9 views

EUVD-2018-21918

8.7CVSS5.8AI score0.00058EPSS

Exploits0References2

Cvelist•added 2026/05/29 2:46 p.m.•28 views

CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm

8.7CVSS0.00058EPSS

Exploits0References2

Vulnrichment•added 2026/05/29 2:46 p.m.•10 views

CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm