CVE-2026-40588

The CVE-2026-40588 entry concerns blueprintUE: prior to version 4.2.0, its password change form at /profile/{slug}/edit/ lacks a current_password field and does not verify the existing password before applying a new one. If an attacker has a valid authenticated session (via XSS, session hijacking...

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.1.13-0 Update translation strings uyuni-tools: Version 5.1.26-0 Fix applying PTF with images from RPMs bsc1252548 Ssl Key file can miss if CA password is blank bsc1254154 mgrpxy ssh tuning should happens before crypto policies bsc1254619...

blueprintUE self-hosted edition 安全漏洞

The blueprintUE self-hosted edition is an open-source data modeling and visualization tool developed by blueprintUE. Versions prior to blueprintUE self-hosted edition 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the password change form located at...

CVE-2026-33124 Frigate has insecure password change functionality

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...

GHSA-VRPH-M5JJ-C46C Rancher's weave CNI password is not configured when a cluster is created from an RKE template

Impact This vulnerability only affects customers using Weave CNI Container Network Interface when configured through RKE templates. A flaw was discovered in Rancher versions from 2.5.0 up to and including 2.5.13 and from 2.6.0 up to and including 2.6.4, where a UI user interface issue with RKE...

CVE-2026-25889

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVE-2025-66051 Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

KAYSUS KS-WR3600 安全漏洞

The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600, which stems from the SSH service being enabled by default and the root account not having a password, which could lead to arbitrary command execution...

EUVD-2025-30881

Malicious code in bioql PyPI...

CVE-2025-9964

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

CVE-2025-9964

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

CVE-2025-9964

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

CVE-2025-9964 Weak Authentication for Root User

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

CVE-2025-9964

CVE-2025-9964 affects Novakon P series (P – V2001.A.C518o2). The root cause is an absent/no password for the root user, enabling physical attackers to access the console. CVSS shows a HIGH impact with physical attack vector and no user interaction. The issue is documented across multiple feeds (N...

redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients see client-output-buffer-limit...

SUSE CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

CVE-2023-29061

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication...

BD FACSChorus Security Breach

The BD FACSChorus is a multichannel flow cytometry system from BD Medical BD. A security vulnerability exists in the BD FACSChorus that stems from the absence of a BIOS password on the workstation...

SUSE CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...