
323 matches found

NVD
added 2025/08/12 4:15 p.m. | 6 views

CVE-2025-8452

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

CVSS 4.3 | EPSS 0.00227 | Exploits 0 | References 5
Cvelist
added 2025/08/12 3:23 p.m. | 13 views

CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

CVSS 4.3 | EPSS 0.00227 | Exploits 0 | References 5
VulnCheck KEV
added 2025/08/12 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2020-4429

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534...

CVSS 10 | AI score 7.7 | EPSS 0.71363 | In wild | Exploits 10 | References 2
NVD
added 2025/08/08 7:15 p.m. | 4 views

CVE-2012-10042

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...

CVSS 8.7 | EPSS 0.00906 | Exploits 0 | References 4
CVE
added 2025/08/08 6:12 p.m. | 16 views

CVE-2012-10042

CVE-2012-10042 affects Sflog! CMS 1.0 via an authenticated file-upload vulnerability in the blog management interface (manage.php). With default credentials (admin:secret), authenticated users can upload files to blogs/download/uploads/, where the upload validation is insufficient, enabling a PHP...

CVSS 8.7 | AI score 7.4 | EPSS 0.00906 | Exploits 0 | References 4
VulnCheck KEV
added 2025/08/06 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

CVSS 9.8 | AI score 5.8 | EPSS 0.7656 | In wild | Exploits 0 | References 2
ATTACKERKB
added 2025/06/25 8:15 a.m. | 1 views

CVE-2024-51978

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

CVSS 9.8 | AI score 7.3 | EPSS 0.7656 | Exploits 0 | References 10 | Affected Software 48
Rapid7 Blog
added 2025/06/25 12:0 a.m. | 7 views

Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

Overview. Update June 25, 2025: Update statistics to reflect an additional 6 affected models from Konica Minolta, Inc. Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some o...

CVSS 9.8 | AI score 9.7 | EPSS 0.7656 | Exploits 0
BDU FSTEC
added 2025/06/11 12:0 a.m. | 5 views

The vulnerability of the microprogramming software of the Elspec G5 digital event recorder, related to the use of default administrative account information, allows an intruder to gain unauthorized access to the device.

The vulnerability of the microprogramming software of the Elspec G5 digital event recorder is related to the use of default administrative account information. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the device...

CVSS 9.9 | AI score 5.5 | EPSS 0.00326 | Exploits 0 | References 2
RedhatCVE
added 2025/05/22 10:14 p.m. | 7 views

CVE-2022-36222

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...

CVSS 8.4 | AI score 7 | EPSS 0.00287 | Exploits 1 | References 1
RedhatCVE
added 2025/05/22 5:1 p.m. | 7 views

CVE-2020-27689

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...

CVSS 9.8 | AI score 7.5 | EPSS 0.0217 | Exploits 1
RedhatCVE
added 2025/05/22 4:11 p.m. | 20 views

CVE-2020-11720

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password...

CVSS 9.8 | AI score 7.2 | EPSS 0.01833 | Exploits 0 | References 1
GithubExploit
added 2025/03/12 10:42 a.m. | 133 views

kentico-xperience13-AuthBypass-wt-2025-0011

WT-2025-0011 CVE not assigned yet Kentico Xperience 13 CMS -...

AI score 7.5 | Exploits 0
OSV
added 2025/02/12 5:15 a.m. | 4 views

CVE-2024-13653

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' function in all versions up to, and including, 2.12.0. This makes it possible fo...

CVSS 8.8 | AI score 7.4 | EPSS 0.0048 | Exploits 0 | References 2
RedhatCVE
added 2025/02/04 11:45 p.m. | 9 views

CVE-2024-22768

Improper Input Validation in Hitron Systems DVR HVR-4781 1.034.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.9 | EPSS 0.00562 | Exploits 0 | References 1
RedhatCVE
added 2025/02/04 11:43 p.m. | 8 views

CVE-2024-22770

Improper Input Validation in Hitron Systems DVR HVR-16781 1.034.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.8 | EPSS 0.00496 | Exploits 0 | References 1
CNNVD
added 2025/01/10 12:0 a.m. | 2 views

MegaBIP Security Vulnerability

MegaBIP is a software for creating BIP websites from MegaBIP Inc. A security vulnerability exists in MegaBIP version 5.15, which stems from the fact that the default admin portal path, which is recommended to be changed during installation, is publicly available in the /registered.php source code...

CVSS 9.8 | AI score 6.1 | EPSS 0.00479 | Exploits 0 | References 3
Positive Technologies
added 2024/10/24 12:0 a.m. | 4 views

PT-2024-31500

Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2 c1.9.51. Description: The issue allows for OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During initial setup, the device creates an open unsecured...

CVSS 7.8 | AI score 7.7 | EPSS 0.34662 | Exploits 0 | References 5
Tenable Nessus
added 2024/10/21 12:0 a.m. | 13 views

Adobe FrameMaker Publishing Server 2022 < 17.0.1 (2022.0.1) Security Feature Bypass (APSB23-58)

The version of Adobe FrameMaker Publishing Server installed on the remote Windows host is prior to Adobe FrameMaker Publishing Server 2022 17.0.1. It is, therefore, affected by a vulnerability as referenced in the apsb23-58 advisory. - Adobe FrameMaker Publishing Server versions 2022 and earlier...

CVSS 9.8 | AI score 8.3 | EPSS 0.01373 | Exploits 0 | References 2
Packet Storm
added 2024/10/03 12:0 a.m. | 267 views

Online Eyewear Shop 1.0 Insecure Settings

Title: Online Eyewear Shop v1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

AI score 7.4 | Exploits 0