CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7557 matches found

CVE•added 2024/12/06 12:0 a.m.•67 views

CVE-2024-54749

CVE-2024-54749 affects Ubiquiti U7-Pro (firmware 7.0.35). A hardcoded password in /etc/shadow could allow root login. The supplier disputes the observation, noting that a password exists in the firmware image but the device requires setting a new password during installation. Public sources concu...

7.5CVSS7.2AI score0.00207EPSS

Exploits0References1

Positive Technologies•added 2024/12/06 12:0 a.m.•3 views

PT-2024-36412 · Ubiquiti · Ubiquiti U7-Pro

Name of the Vulnerable Software and Affected Versions: Ubiquiti U7-Pro version 7.0.35 Description: A hardcoded password vulnerability was discovered in /etc/shadow, which allows attackers to log in as root. However, the supplier disputes this claim, stating that the device cannot be deployed...

7.5CVSS7.2AI score0.00207EPSS

Exploits0References9

CVE•added 2024/12/06 12:0 a.m.•44 views

CVE-2024-54750

CVE-2024-54750 affects Ubiquiti U6-LR firmware version 6.6.65, with a reported hardcoded password vulnerability in /etc/shadow that could enable login as root. The description notes that Ubiquiti disputes the vulnerability, claiming the hardcoded password should be post-setup, not pre-existing. T...

9.8CVSS9.6AI score0.00424EPSS

Exploits0References1

Vulnrichment•added 2024/12/06 12:0 a.m.•8 views

CVE-2024-54747

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

7.5AI score0.00533EPSS

Exploits1References2

Positive Technologies•added 2024/12/04 12:0 a.m.•4 views

PT-2024-35791 · Thinkware · Thinkware Cloud Apk

Name of the Vulnerable Software and Affected Versions: Thinkware Cloud APK version 4.3.46 Description: A hardcoded decryption key in the Thinkware Cloud APK allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. Recommendations: For Thinkware Cloud APK...

6.5CVSS7.7AI score0.00549EPSS

Exploits0References6

NVD•added 2024/11/26 8:15 a.m.•15 views

CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

9.1CVSS0.01088EPSS

Exploits1References7

CVE•added 2024/11/26 7:38 a.m.•90 views

CVE-2024-36248

CVE-2024-36248 affects Sharp MFPs and related devices, where API keys for cloud services are hardcoded in the main binary. This root cause can enable exposure or misuse of cloud credentials by anyone gaining access to the device, potentially allowing unauthorized external access or data exposure ...

9.1CVSS6.7AI score0.01088EPSS

Exploits1References7

Cvelist•added 2024/11/26 7:38 a.m.•29 views

CVE-2024-36248

9.1CVSS0.01088EPSS

Exploits1References6

Vulnrichment•added 2024/11/26 7:38 a.m.•12 views

CVE-2024-36248

9.1CVSS9.2AI score0.01088EPSS

Exploits1References6

Positive Technologies•added 2024/11/26 12:0 a.m.•6 views

PT-2024-26930 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue involves hardcoded API keys for some cloud services in the "main" binary, posing security risks. The details of affected product...

9.1CVSS7AI score0.01088EPSS

Exploits1References10

ATTACKERKB•added 2024/11/22 8:15 p.m.•0 views

CVE-2023-51638

Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a...

9.8CVSS5.8AI score0.01323EPSS

Exploits0References3Affected Software1