Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28644

Name of the Vulnerable Software and Affected Versions TL-WR850N version 3 Description The issue allows for the storage of administrative and Wi-Fi credentials in cleartext within a region of the device’s flash memory. The serial interface remains enabled and is protected by weak authentication. A...

6.8CVSS5.9AI score0.00124EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.8 views

PT-2026-21239

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The web management interface allows the administrator username and password to be set to blank values. After applying these blank values, the device allows...

9.8CVSS5.4AI score0.0057EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.7 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS5.4AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2026/02/02 6:16 p.m.9 views

CVE-2026-22229

A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...

8.6CVSS0.01887EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/02 5:48 p.m.4 views

CVE-2026-0631 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8.5CVSS5.9AI score0.01293EPSS
Exploits0References4
ICS
ICS
added 2026/01/29 7:0 a.m.7 views

KiloView Encoder Series (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

9.8CVSS5.6AI score0.00495EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.9 views

PT-2026-5327

Name of the Vulnerable Software and Affected Versions KiloView Encoder Series affected versions not specified Description A missing authentication check for a critical function in KiloView Encoder Series allows an unauthenticated attacker to create or delete administrator accounts. Successful...

9.8CVSS5.9AI score0.00495EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/26 9:31 p.m.6 views

EUVD-2025-199763

An unauthenticated administrative access vulnerability exists in the open-source HashTech project https://github.com/henzljw/hashtech 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 2021-07-02. Due to missing authentication checks on /adminindex.php, an attacker can directly access the...

6.5AI score0.00364EPSS
Exploits0References2
OSV
OSV
added 2025/09/29 9:15 p.m.4 views

CVE-2025-34223

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

9.8CVSS5.9AI score0.01152EPSS
Exploits1References4
CVE
CVE
added 2025/09/29 8:38 p.m.24 views

CVE-2025-34223

CVE-2025-34223 affects Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786). An unauthenticated attacker can reach an installation-time endpoint at /admin/query/update_database.php, submit arbitrary root_user/root_password values, and replace the defaul...

10CVSS6.9AI score0.01152EPSS
Exploits1References4Affected Software2
Packet Storm
Packet Storm
added 2019/10/08 12:0 a.m.175 views

Socomec DIRIS A-40 Password Disclosure

description Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. ------------------------------------------ Vulnerability Type Incorrect Access Control...

0.34113EPSS
Exploits1
Rows per page
Query Builder