61137 matches found
CVE-2026-42376
D-Link DIR-456U Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01dlobdir456U" read from /etc/config/imagesign. The custom telnetd...
CVE-2026-42376
CVE-2026-42376 affects D-Link DIR-456U hardware revision A1 (End-of-Life). The description reports a hardcoded telnet backdoor: at boot a telnet daemon runs with username “Alphanetworks” and password read from /etc/config/image_sign; a -u user:password flag is accepted by the custom telnetd, and ...
CVE-2026-42375 D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
D-Link DIR-600L Hardware Revision A1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir600l" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...
CVE-2026-42375
D-Link DIR-600L Hardware Revision A1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir600l" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...
EUVD-2026-27025
D-Link DIR-600L Hardware Revision B1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61dlwbrdir600L" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...
CVE-2026-42374
D-Link DIR-600L Hardware Revision B1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61dlwbrdir600L" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...
CVE-2026-42374 D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials
D-Link DIR-600L Hardware Revision B1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61dlwbrdir600L" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...
CVE-2026-42373
D-Link DIR-605L Hardware Revision B2 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76dlwbrdir605L" read from /etc/alphaconfig/imagesign. The custom telnetd binary...
EUVD-2026-27023
D-Link DIR-605L Hardware Revision B2 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76dlwbrdir605L" read from /etc/alphaconfig/imagesign. The custom telnetd binary...
CVE-2026-42373
D-Link DIR-605L Hardware Revision B2 (End-of-Life) ships a hardcoded telnet backdoor. At boot, a telnet daemon starts via /bin/telnetd.sh with username "Alphanetworks" and a static password read from /etc/alpha_config/image_sign. The custom telnetd/login binaries validate credentials using strcmp...
CVE-2026-42372
D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...
CVE-2026-44430
creationtimestamp| type| source ---|---|--- 2026-05-04 14:46:47+00:00| published-proof-of-concept| https://github.com/modelcontextprotocol/registry/security/advisories/GHSA-r48c-v28r-pf6v 2026-05-15 01:23:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlu6biqaqu2t...
CVE-2026-33857
creationtimestamp| type| source ---|---|--- 2026-05-04 14:41:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzvptsfrz2i 2026-05-04 17:41:16+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3ml27rzgg6v2z 2026-05-05 00:01:50+00:00| seen|...
CVE-2026-6266
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
CVE-2026-3120
creationtimestamp| type| source ---|---|--- 2026-05-04 13:36:25+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mkzs46ut6b2v 2026-05-04 14:31:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzv5tvt2a2v...
CVE-2026-7737
creationtimestamp| type| source ---|---|--- 2026-05-04 10:49:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzis3qk2b2k...
CVE-2026-7743
creationtimestamp| type| source ---|---|--- 2026-05-04 10:46:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzimpqg2u2t...
CVE-2026-7740
creationtimestamp| type| source ---|---|--- 2026-05-04 10:41:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkziddwljr2n...
GHSA-3V3M-WC6V-X4X3
creationtimestamp| type| source ---|---|--- 2026-05-04 08:45:23+00:00| seen| https://bsky.app/profile/mfahlandt.bsky.social/post/3mkzbtsjhx52w 2026-05-08 20:47:09+00:00| seen| https://bsky.app/profile/kubonai.bsky.social/post/3mlem23uryx2s 2026-05-13 14:46:52+00:00| seen|...
Weak Password Recovery Mechanism for Forgotten Password
Overview phpbb/phpbb is a Forum Software application. Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the forceservervars configuration being disabled. An attacker can cause password reset emails to contain links to attacker-controll...