8 matches found

RedhatCVE
added 2026/01/09 10:58 a.m. | 1 view

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

CVSS 8.4 | AI score 7.9 | EPSS 0.00007
Exploits: 0 | References: 1
OSV
added 2026/01/08 1:15 p.m. | 2 views

CVE-2025-62877

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

CVSS 9.8 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2
NVD
added 2025/10/30 8:15 a.m. | 1 view

CVE-2025-11906

A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

CVSS 6.7 | EPSS 0.00016
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/13 12:00 a.m. | 3 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

AI score 7.2 | EPSS 0.00095
Exploits: 0 | References: 2
Cvelist
added 2025/08/13 12:00 a.m. | 7 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

EPSS 0.00095
Exploits: 0 | References: 2
CVE
added 2025/08/13 12:00 a.m. | 20 views

CVE-2025-43982

CVE-2025-43982 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices (v3.4.2731.16.43). The underlying issue: SSH service is enabled by default and a hard-coded root account cannot be disabled via the GUI. Impact is described as high for confidentiality, integrity, and availability with net...

CVSS 9.8 | AI score 7.2 | EPSS 0.00095
Exploits: 0 | References: 2
CNVD
added 2017/06/06 12:00 a.m. | 2 views

Rapid7 Nexpose Hardware Device Man-in-the-Middle Attack Vulnerability

Rapid7 Nexpose hardware appliances are hardware devices with Nexpose from Rapid7, Inc. Nexpose is a set of vulnerability management software that can synthesize the results of different scans to probe the network in depth. A man-in-the-middle vulnerability exists in the default SSH configuration ...

CVSS 8.5 | AI score 6.8 | EPSS 0.0018
Exploits: 0 | References: 1
CNVD
added 2015/06/29 12:00 a.m. | 3 views

Cisco Virtual WSA/ESA/SMA remote-support feature default SSH host key vulnerability

The Cisco Web Security Virtual Appliance WSAv, Email Security Virtual Appliance ESAv, and Security Management Virtual Appliance SMAv are products of the Cisco Corporation. Cisco WSAv is a software version of the Web Security Appliance WSA, ESAv is a software version of the Email Security Applianc...

CVSS 4.3 | AI score 7.1 | EPSS 0.00684
Exploits: 0 | References: 1