43 matches found
EEF-CVE-2026-48859 SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration
Summary: Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_passwords or password option,...
CVE-2026-9512
A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...
CVE-2026-9476
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be...
CVE-2026-7155
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated...
EUVD-2026-22036
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...
TOTOLINK A7100RU Operating System Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from the function setPasswordCfg in the CGI Handler component’s file...
CVE-2020-37132
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal...
UltraVNC Launcher Security Vulnerability
UltraVNC Launcher is a launcher for the remote control software developed by UltraVNC Corporation. Version 1.2.4.0 of UltraVNC Launcher contains a security vulnerability, which stems from improper handling of password configuration properties, potentially leading to the application crashing...
CVE-2025-67496 WeGia is Vulnerable to XSS through id_pessoa Parameter on Password Configuration Page
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before...
CVE-2025-67496
WeGIA CVE-2025-67496 affects version 3.5.4 and earlier; Stored XSS in /WeGIA/html/geral/configurar_senhas.php occurs because user-controlled data (employee names) are retrieved from DB and inserted into HTML elements without proper escaping. This can allow script injection via the employee dropd...
EUVD-2023-58006
Malicious code in bioql PyPI...
CVE-2025-2369
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the atta...
CVE-2024-47295
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under...
CVE-2024-25825
FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password...
CVE-2024-47295
CVE-2024-47295 affects SEIKO EPSON Web Config, where insecure initial password configuration allows a remote unauthenticated attacker to set an arbitrary password and operate the device with administrative privileges. Public sources describe the vulnerability in the Web Config software used by SE...
CVE-2023-51025
TOTOlink EX1800T V9.1.0cu.2112B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi.cgi...
CVE-2023-46510
An issue in ZIONCOM Hong Kong Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function...
PT-2023-28003 · Brocade · Brocade Fabric Os
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions 9.0 through 9.2.0a. Description: A segmentation fault can occur in Brocade Fabric OS through the passwdcfg command. This could allow an authenticated privileged user to crash a Brocade Fabric OS switch using the cli...