Lucene search

19 matches found

Vulnrichment
added 2025/10/07 12:0 a.m. · 1 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system services clash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

5.6 AI score · 0.00025 EPSS
Exploits 1 · References 5

Positive Technologies
added 2025/10/07 12:0 a.m. · 2 views

PT-2025-40998

Name of the Vulnerable Software and Affected Versions: Clash Verge versions through 2.2.3 Description: The software installs system services clash-verge-service by default and exposes functions through an unauthorized HTTP API. Specifically, the /start clash API endpoint allows local users to submi...

7.8 CVSS · 5.5 AI score · 0.00025 EPSS
Exploits 1 · References 9

GithubExploit
added 2025/09/01 8:8 a.m. · 155 views

Router-Exploiter

Router-Exploiter A powerful and stealthy penetration testing t...

7.1 AI score
Exploits 0

CNNVD
added 2025/03/11 12:0 a.m. · 1 views

Percona PMM Server Security Vulnerability

Percona PMM Server is an open source database observability, monitoring and management tool for MySQL, PostgreSQL, MongoDB and ProxySQL from Percona. A security vulnerability exists in Percona PMM Server versions prior to 3.0.0-1.ova, which stems from default service account credentials that coul...

10 CVSS · 6.5 AI score · 0.00173 EPSS
Exploits 0 · References 3

Cvelist
added 2025/03/11 12:0 a.m. · 9 views

CVE-2025-26701

An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...

10 CVSS · 0.00173 EPSS
Exploits 0 · References 1

OSV
added 2025/01/23 9:15 p.m. · 1 views

CVE-2025-23012

Fedora Repository 3.8.x includes a service account fedoraIntCallUser with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version 6.5.1 as of...

8.7 CVSS · 6.6 AI score
Exploits 0 · References 4

CNNVD
added 2025/01/23 12:0 a.m. · 0 views

Fedora Security Vulnerability

Fedora is a set of Linux operating systems from the Fedora community. A security vulnerability exists in Fedora version 3.8.x that stems from the presence of default service account credentials and permissions, which allows an attacker to read local files by manipulating the data stream...

8.7 CVSS · 6.2 AI score · 0.00113 EPSS
Exploits 0 · References 5

NVD
added 2024/11/26 11:22 a.m. · 8 views

CVE-2024-50374

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote...

9.8 CVSS · 0.01127 EPSS
Exploits 0 · References 1

OSV
added 2024/11/26 11:22 a.m. · 1 views

CVE-2024-50374

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote...

9.8 CVSS · 7.4 AI score · 0.01127 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/26 10:56 a.m. · 7 views

CVE-2024-50373

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote...

9.8 CVSS · 7.9 AI score · 0.01346 EPSS
Exploits 0 · References 1

The Hacker News
added 2023/07/19 9:34 a.m. · 30 views

Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation

Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors to tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to...

7.1 AI score
Exploits 0

ATTACKERKB
added 2022/10/06 6:15 p.m. · 1 views

CVE-2022-26237

The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data...

5.5 CVSS · 5.9 AI score · 0.00038 EPSS
Exploits 0 · References 3

OSV
added 2022/08/22 3:15 p.m. · 1 views

CVE-2020-27836

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentialit...

9.8 CVSS · 8.1 AI score · 0.00716 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/08/22 12:0 a.m. · 1 views

PT-2022-8878 · Unknown · Cluster-Ingress-Operator

Name of the Vulnerable Software and Affected Versions: cluster-ingress-operator affected versions not specified Description: A flaw was found in the cluster-ingress-operator, related to how the router-default service allows only certain IP source ranges. This could allow an attacker to access...

9.8 CVSS · 9.1 AI score · 0.00716 EPSS
Exploits 0 · References 6

CNNVD
added 2021/03/10 12:0 a.m. · 1 views

Netgear NETGEAR JGS516PE Security Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A firmware update vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP server being active by default. An attacker could exploit this vulnerability to update the...

5.6 AI score
Exploits 0 · References 2

OSV
added 2019/04/10 2:29 p.m. · 15 views

CVE-2018-20321

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...

8.8 CVSS · 7.2 AI score
Exploits 0 · References 2

Positive Technologies
added 2019/04/10 12:0 a.m. · 2 views

PT-2019-10045 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.0.0 through 2.1.5 Description: An issue allows project members with access to the default namespace to execute administrative privileged commands against the k8s cluster by mounting the netes-default service account in a po...

9 CVSS · 8.5 AI score · 0.00442 EPSS
Exploits 0 · References 19

Positive Technologies
added 2017/01/12 12:0 a.m. · 1 views

PT-2017-4331 · Hikvision · Hikvision Ds-2Cd2432F-Iw

Name of the Vulnerable Software and Affected Versions: Hikvision DS-2CD2432F-IW affected versions not specified Description: The issue is related to the use of a default SSID without WiFi encryption or authentication in Hikvision IP cameras. This can allow a remote attacker to gain elevated...

6.5 CVSS · 7.6 AI score · 0.00036 EPSS
Exploits 2 · References 8

securityvulns
added 2005/01/13 12:0 a.m. · 35 views

Arkeia Possible remote root & information leakage

During the testing of arkeia a few security holes have been discovered. Vulnerable System: Arkeia 4.2.x, 5.2.x and 5.3.x Details: 1. Writable directory $ ls -ld /opt/arkeia/server/dbase/ drwxrwxrwx 10 root root 4096 gru 27 13:40 /opt/arkeia/server/dbase/ 2. Default the "root" account password is s...

1.3 AI score
Exploits 0