CVE-2026-22200

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

CVE-2024-46429

A hardcoded credentials vulnerability in Tenda W18E V16.01.0.81625 allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges...

CVE-2024-46429

CVE-2024-46429 concerns a hardcoded credentials vulnerability in the Tenda W18E web management portal. Affected component: W18E device web interface (V16.01.0.8(1625)). Root cause: presence of a default guest account with administrative privileges that can be used by unauthenticated remote attack...

CVE-2024-12553

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest...

Default credentials

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to...

Linksys WRT350N unauthorized access

Outdated SAMBA version is used, default admin:admin account is present and default guest account...

barracudeHardcode.txt

Title: Barracuda Hardcoded Password Vulnerability Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 28 May 2006 Overview: Barracuda Sp...