Securing the Web with HSTS-Enforced
TLS stripping attacks expose sensitive web traffic by forcing secure HTTPS connections to fall back to unencrypted HTTP. At present, protection against these attacks relies on website operators explicitly opting into security by deploying mechanisms such as HTTP Strict Transport Security HSTS...
Bosch Infotainment ECU security vulnerabilities
The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability stems from the SSL engine using a default configuration, which results in the server root certificates not being...
CVE-2025-68716
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...
CVE-2025-62877
Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...
CVE-2025-11906
A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...
CVE-2025-43982
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...
CVE-2025-43982
CVE-2025-43982 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices (v3.4.2731.16.43). The underlying issue: SSH service is enabled by default and a hard-coded root account cannot be disabled via the GUI. Impact is described as high for confidentiality, integrity, and availability with net...
A vulnerability in the Vinchin Backup & Recovery software, used for backup and restoration operations, related to the use of pre-installed user accounts, allows an attacker to elevate their privileges to the level of the root user.
The vulnerability of the Vinchin Backup & Recovery software regarding backup and restoration is related to the use of pre-installed user accounts. Exploiting this vulnerability allows a malicious actor to elevate their privileges to root-level by connecting with the default SSH account...
CVE-2022-42467
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
New Android P includes several security improvements
According to the Android developer Program Overview, the next major version of Android, Android 9.0 or P, is set to arrive soon. Their plans show a final release within the next three months Q3 2018. The end of the Android P beta program is approaching, with the first release candidate built and...
Rapid7 Nexpose Hardware Device Man-in-the-Middle Attack Vulnerability
Rapid7 Nexpose hardware appliances are physical devices shipped with Nexpose from Rapid7, Inc. Nexpose is a set of vulnerability management software that consolidates the results of different scans to probe the network in depth. A man-in-the-middle vulnerability exists in the default SSH configuration ...
Cisco Virtual WSA/ESA/SMA remote-support feature default SSH host key vulnerability
The Cisco Web Security Virtual Appliance WSAv, Email Security Virtual Appliance ESAv, and Security Management Virtual Appliance SMAv are products of the Cisco Corporation. Cisco WSAv is a software version of the Web Security Appliance WSA, ESAv is a software version of the Email Security Applianc...