TP-Link Archer C64 Security Vulnerability
The TP-Link Archer C64 is a wireless router produced by TP-Link Corporation. The V1 version of the TP-Link Archer C64 has a security vulnerability. This vulnerability stems from improper enforcement of the authentication rate limit during the debugging of the SSH service. As a result, attackers in adjacen...
Taiko AG1000-01A SMS Alert Gateway Trust Management Issue Vulnerability
The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. It supports SMS-based alert notifications and remote event messaging. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain vulnerabilities...
Tyler Identity Local Security Vulnerability
Tyler Identity Local is a government and public sector identity authentication and local identity management system developed by the American company Tyler. Tyler Identity Local has a security vulnerability, which stems from the use of documented default management credentials. Users do not need ...
CVE-2026-33060
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
Glances is an open-source, cross-platform system monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...
CVE-2025-11500 Credentials exposure in tinycontrol devices
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms: one solely for interface management and one for protecting all other server resources. When the latter is turned off, which is a default setting, an unauthenticated attacker on...
NuCom 11N Security Vulnerability
The NuCom 11N is a wireless router from NuCom USA. A security vulnerability exists in the NuCom 11N version 5.07.90 that originates from an unprivileged user having access to management credentials via a configured backup endpoint, which could result in elevated privileges...
EUVD-2018-11726
Malware in sbrugna...
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5),...
CVE-2025-54818
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channe...
Linux Distros Unpatched Vulnerability : CVE-2018-1074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 are vulnerable to an exposure of Power Management credentials, including clearte...
AZL-56446 CVE-2024-27137 affecting package cassandra 4.0.10-1
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
PT-2024-38780 · Xcc · Xcc
Name of the Vulnerable Software and Affected Versions: XCC (affected versions not specified). Description: The issue concerns the exposure of IPMI credentials in XCC audit log entries. This occurs when the account username length is 16 characters. Recommendations: At the moment, there is no...
CVE-2023-26239
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user...
CVE-2022-25363
WatchGuard Firebox and XTM appliances are affected by CVE-2022-25363 where an authenticated remote attacker with unprivileged credentials can modify privileged management user credentials. Affected: Fireware OS versions before 12.7.2_U2; 12.x before 12.1.3_U8; 12.2.x through 12.5.x before 12.5.9_...
D-Link DIR601 Credential Disclosure Vulnerability
The D-Link DIR-601 is a popular class 150M home product. A credential disclosure vulnerability exists in the D-Link DIR601. An attacker can exploit the vulnerability to retrieve sensitive information related to device configuration and management credentials...
CVE-2018-1074
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 are vulnerable to an exposure of Power Management credentials, including cleartext passwords, to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts the...
ovirt-engine: API exposes power management credentials to administrators
The ovirt-engine API and administration web portal exposed Power Management credentials, including cleartext passwords, to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control...
Cisco Ultra Services Framework AutoVNF User Credential Information Disclosure Vulnerability
Cisco Ultra Services Framework is an intelligent online service delivery platform from Cisco. The AutoVNF tool is one of its virtualized network tools. An information disclosure vulnerability exists in the AutoVNF tool in Cisco Ultra Services Framework versions prior to 5.0.3 and versions prior to 5.1...