Lucene search
K

4246 matches found

NVD
NVD
added 2026/04/24 12:16 a.m.3 views

CVE-2026-39462

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

9.3CVSS0.0038EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

SenseLive X3050 安全漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability, which stems from the unreliable application of password updates. This vulnerability may cause the system to continue...

9.3CVSS5.8AI score0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35026

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.0054EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

BridgeHead FileStore 安全漏洞

BridgeHead FileStore is a medical data-oriented file storage and long-term archiving management system developed by BridgeHead Corporation in Canada. Previous versions of BridgeHead FileStore 24A contained security vulnerabilities. These vulnerabilities stemmed from the Apache Axis2 management...

9.8CVSS6.1AI score0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 11:52 p.m.36 views

CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

9.3CVSS0.0038EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 11:52 p.m.20 views

CVE-2026-39462

CVE-2026-39462 affects SenseLive X3050, where the web management interface fails to reliably apply password changes due to backend credential handling. After factory restore with SenseLive Config 2.0, the UI may indicate a successful password update while the system continues to accept previous o...

9.3CVSS5.8AI score0.0038EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/23 6:33 p.m.10 views

EUVD-2026-25250

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS5.7AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 6:16 p.m.3 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

8.8CVSS0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 4:10 p.m.2 views

CVE-2026-5039 Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS5.7AI score0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 4:10 p.m.4 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS5.7AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34683

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N version v13 Description The TDDPv2 debug protocol uses DES-CBC encryption with a cryptographic key derived from default web management credentials. This makes the key predictable when the device maintains its default...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/22 10:3 p.m.16 views

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access

Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...

9.8CVSS5.9AI score0.0044EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/04/22 10:3 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...

9.8CVSS6.1AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 10:3 p.m.6 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization due to improper network binding in the ListenAndServe function. An attacker can gain unauthorized remote access and execute arbitrary database queries by connecting to the exposed Bolt server interface over the...

9.8CVSS6.1AI score0.0044EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 10:3 p.m.5 views

GHSA-2HP7-65R3-WV54 NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access

Summary The --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address all interfaces, regardless of what the user configures. On a LAN,...

9.8CVSS5.9AI score0.0044EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/22 6:31 p.m.3 views

EUVD-2018-21789

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 4:16 p.m.6 views

CVE-2018-25272

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS0.00422EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 2:57 p.m.5 views

CVE-2018-25272

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 2:57 p.m.7 views

CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 2:57 p.m.28 views

CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS0.00422EPSS
Exploits0References3
Rows per page
Query Builder