58397 matches found

Positive Technologies
added yesterday, 5 views

PT-2026-55288

Name of the Vulnerable Software and Affected Versions: AutoBangumi versions prior to 3.2.8. Description: An issue exists where hard-coded default credentials are seeded at startup via the add default user function in the database user module when the users table is empty. This allows unauthenticated...

CVSS 9.8, AI score 6
Exploits: 0, References: 9
OSV
added 2 days ago, 2 views

GHSA-VH4V-2XQ2-G5CG ORAS Go forwards registry credentials across registry redirects

Reporter / public credit: JUNYI LIU. Summary: ORAS Go can forward registry credentials configured for one registry origin to a different HTTP origin during registry redirects. There are two related paths: 1. A manifest or metadata...

CVSS 6.9, AI score 6.1
Exploits: 0, References: 4
NVD
added 2 days ago, 5 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80...

CVSS 9.8, EPSS 0.0169
Exploits: 0, References: 3
CVE
added 2 days ago, 5 views

CVE-2026-13211

CVE-2026-13211 affects the Genucenter web interface prior to version 8.0p11, where SNMP authentication and encryption keys are exposed in HTTP responses to users with Service or Admin roles. This disclosure creates a confidentiality risk (SNMP credentials exposed); the documentation does not spec...

CVSS 4.3, AI score 5.8, EPSS 0.00139
Exploits: 0, References: 1
Cvelist
added 2 days ago, 29 views

CVE-2026-13211 Genucenter Disclosure of SNMP Credentials

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

CVSS 4.3, EPSS 0.00139
Exploits: 0, References: 1
Cvelist
added 2 days ago, 28 views

CVE-2026-58453 JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80...

CVSS 9.8, EPSS 0.0169
Exploits: 0, References: 3
CVE
added 2 days ago, 9 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi‑Fi IP cameras (firmware 4.8.30.57701411) are affected by CVE-2026-58453 due to hard-coded credentials. An attacker on the network can authenticate to the anyka_ipc HTTP service (port 80) using the default admin username with an empty password, gaining unauthorized access to ...

CVSS 9.8, AI score 5.8, EPSS 0.0169
Exploits: 0, References: 3
EUVD
added 2 days ago, 6 views

EUVD-2026-41049

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80...

CVSS 9.8, AI score 5.8, EPSS 0.0169
Exploits: 0, References: 3
RedhatCVE
added 2 days ago, 5 views

CVE-2026-54673

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability allows a remote attacker to obtain sensitive user credentials. When an Electron application performs an HTTP redirect, the electron-updater's redirect handler fails to strip...

CVSS 8.2, AI score 5.7, EPSS 0.00235
Exploits: 0, References: 5
The Hacker News
added 2 days ago, 12 views

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range 2a0a:d683::/32 controlled by...

AI score 5.8
Exploits: 0
NVD
added 2 days ago, 10 views

CVE-2026-7829

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

CVSS 7.2, EPSS 0.00504
Exploits: 0, References: 2
Cvelist
added 2 days ago, 32 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNCMsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DHMAXBITS controls the prime size). A 64-bit DH key can be brok...

CVSS 7.4, EPSS 0.00183
Exploits: 0, References: 2
EUVD
added 2 days ago, 6 views

EUVD-2026-40432

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard on its text-to-speech (TTS) generation endpoint (packages/server/src/controllers/text-to-speech/index.ts), independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS...

CVSS 6.9, AI score 5.8, EPSS 0.00182
Exploits: 0, References: 3
EUVD
added 2 days ago, 6 views

EUVD-2026-40443

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

CVSS 6.3, AI score 5.8, EPSS 0.00276
Exploits: 0, References: 3
EUVD
added 2 days ago, 6 views

EUVD-2026-40846

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

CVSS 9.3, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 4
EUVD
added 2 days ago, 6 views

EUVD-2026-40414

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTHUSERNAME/AUTHPASSWORD), is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

CVSS 6.9, AI score 5.8, EPSS 0.00437
Exploits: 0, References: 6
NVD
added 3 days ago, 5 views

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

CVSS 7.7, EPSS 0.00276
Exploits: 0, References: 2
NVD
added 3 days ago, 4 views

CVE-2026-54673

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...

CVSS 8.2, EPSS 0.00235
Exploits: 0, References: 2
NVD
added 3 days ago, 5 views

CVE-2026-50110

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

CVSS 9.3, EPSS 0.00128
Exploits: 0, References: 3
Cvelist
added 3 days ago, 20 views

CVE-2026-50110 Use of Hard-coded Credentials in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

CVSS 9.3, EPSS 0.00128
Exploits: 0, References: 3