
13 matches found

Packet Storm News
added 2026/05/06 12:0 a.m. | 9 views

Securing the Web with HSTS-Enforced

TLS stripping attacks expose sensitive web traffic by forcing secure HTTPS connections to fall back to unencrypted HTTP. At present, protection against these attacks relies on website operators explicitly opting into security by deploying mechanisms such as HTTP Strict Transport Security (HSTS)...

5.8 AI score
Exploits 0

CNNVD
added 2026/01/22 12:0 a.m. | 7 views

Bosch Infotainment ECU security vulnerabilities

The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability stems from the SSL engine using a default configuration, which results in the server root certificates not being...

6.5 CVSS | 5.8 AI score | 0.00291 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/01/09 10:58 a.m. | 5 views

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

8.4 CVSS | 7.9 AI score | 0.00216 EPSS
Exploits 0 | References 1

OSV
added 2026/01/08 1:15 p.m. | 6 views

CVE-2025-62877

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

9.8 CVSS | 5.8 AI score | 0.00473 EPSS
Exploits 0 | References 2

NVD
added 2025/10/30 8:15 a.m. | 5 views

CVE-2025-11906

A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

6.7 CVSS | 0.00126 EPSS
Exploits 0 | References 1

Cvelist
added 2025/08/13 12:0 a.m. | 11 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

0.00338 EPSS
Exploits 0 | References 2

CVE
added 2025/08/13 12:0 a.m. | 25 views

CVE-2025-43982

CVE-2025-43982 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices (v3.4.2731.16.43). The underlying issue: SSH service is enabled by default and a hard-coded root account cannot be disabled via the GUI. Impact is described as high for confidentiality, integrity, and availability with net...

9.8 CVSS | 7.2 AI score | 0.00338 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/08/13 12:0 a.m. | 4 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

7.2 AI score | 0.00338 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2024/02/06 12:0 a.m. | 7 views

The vulnerability of the Vinchin Backup & Recovery software for backup and restoration operations, related to the use of pre-installed user accounts, allows a hacker to elevate their privileges to the level of a root user.

The vulnerability of the Vinchin Backup & Recovery software regarding backup and restoration is related to the use of pre-installed user accounts. Exploiting this vulnerability allows a malicious actor to elevate their privileges to root-level by connecting with the default SSH account...

10 CVSS | 7.7 AI score | 0.01147 EPSS
Exploits 4 | References 3 | Affected Software 1

NVD
added 2022/10/19 8:15 a.m. | 31 views

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3 CVSS | 0.01198 EPSS
Exploits 0 | References 2

Malwarebytes
added 2018/07/27 7:12 p.m. | 15 views

New Android P includes several security improvements

According to the Android developer Program Overview, the next major version of Android, Android 9.0 or P, is set to arrive soon. Their plans show a final release within the next three months (Q3 2018). The end of the Android P beta program is approaching, with the first release candidate built and...

7.3 AI score
Exploits 0

CNVD
added 2017/06/06 12:0 a.m. | 3 views

Rapid7 Nexpose Hardware Device Man-in-the-Middle Attack Vulnerability

Rapid7 Nexpose hardware appliances are hardware devices with Nexpose from Rapid7, Inc. Nexpose is a set of vulnerability management software that can synthesize the results of different scans to probe the network in depth. A man-in-the-middle vulnerability exists in the default SSH configuration ...

8.5 CVSS | 6.8 AI score | 0.00507 EPSS
Exploits 0 | References 1

CNVD
added 2015/06/29 12:0 a.m. | 12 views

Cisco Virtual WSA/ESA/SMA remote-support feature default SSH host key vulnerability

The Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) are products of the Cisco Corporation. Cisco WSAv is a software version of the Web Security Appliance (WSA), ESAv is a software version of the Email Security Applianc...

4.3 CVSS | 7.1 AI score | 0.02241 EPSS
Exploits 0 | References 1