Lucene search

15 matches found

ATTACKERKB
added 2026/03/11 6:37 p.m. | 2 views

CVE-2026-31881

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

7.7 CVSS | 5.9 AI score | 0.0043 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/11/20 12:21 a.m. | 11 views

CVE-2025-63207

The R.V.R Elettronica TEX product firmware TEXL-000400, Web GUI TLAN-000400 is vulnerable to broken access control due to improper authentication checks on the /Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting ...

9.8 CVSS | 7.3 AI score | 0.06249 EPSS
Exploits: 1 | References: 1

NVD
added 2025/11/19 6:15 p.m. | 3 views

CVE-2025-63207

The R.V.R Elettronica TEX product firmware TEXL-000400, Web GUI TLAN-000400 is vulnerable to broken access control due to improper authentication checks on the /Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting ...

9.8 CVSS | 0.06249 EPSS
Exploits: 1 | References: 2

CVE
added 2025/11/19 12:0 a.m. | 14 views

CVE-2025-63207

The CVE-2025-63207 affects R.V.R Elettronica TEX: firmware TEXL-000400 and Web GUI TLAN-000400. It describes a broken access control flaw due to improper authentication checks on the /_Passwd.html endpoint, allowing an unauthenticated POST that can change Admin, Operator, and User passwords and p...

9.8 CVSS | 6.9 AI score | 0.06249 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/11/19 12:0 a.m. | 3 views

PT-2025-47497

Name of the Vulnerable Software and Affected Versions: R.V.R Elettronica TEX firmware TEXL-000400; R.V.R Elettronica TEX Web GUI TLAN-000400. Description: The R.V.R Elettronica TEX product is susceptible to a broken access control issue. This is due to insufficient authentication checks on the /...

9.8 CVSS | 7 AI score | 0.06249 EPSS
Exploits: 1 | References: 11

Vulnrichment
added 2025/11/19 12:0 a.m. | 2 views

CVE-2025-63207

The R.V.R Elettronica TEX product firmware TEXL-000400, Web GUI TLAN-000400 is vulnerable to broken access control due to improper authentication checks on the /Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting ...

6.8 AI score | 0.06249 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2013-6834

Malware in sbrugna...

4.3 CVSS | 6.1 AI score | 0.01159 EPSS
Exploits: 2 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-4275

Malware in sbrugna...

4.9 CVSS | 6.4 AI score | 0.00352 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2013-7151

Malware in sbrugna...

6.8 CVSS | 6.4 AI score | 0.01268 EPSS
Exploits: 1 | References: 2

RedHat Linux
added 2025/07/31 7:38 p.m. | 4 views

activemq-artemis-operator: AMQ Broker Operator Starting Credentials Reuse

A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies...

5.5 CVSS | 5.7 AI score | 0.00148 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/22 4:8 a.m. | 4 views

CVE-2013-7385

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an...

6.8 CVSS | 6.3 AI score | 0.01268 EPSS
Exploits: 3 | References: 1

RedHat Linux
added 2023/05/09 10:3 a.m. | 2 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

6.5 CVSS | 5.8 AI score | 0.00602 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:31 a.m. | 3 views

SUSE CVE-2022-3287

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

5.5 CVSS | 7 AI score | 0.00602 EPSS
Exploits: 0 | References: 3

OSV
added 2022/09/28 8:15 p.m. | 2 views

DEBIAN-CVE-2022-3287

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

6.5 CVSS | 5.8 AI score | 0.00602 EPSS
Exploits: 0 | References: 1

Prion
added 2014/05/19 2:55 p.m. | 16 views

Cross site scripting

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent...

4.3 CVSS | 6.2 AI score | 0.01159 EPSS
Exploits: 2 | References: 2 | Affected Software: 1