Lucene search
K

1002 matches found

NVD
NVD
added 2026/06/04 3:16 p.m.14 views

CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

4.6CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 12:16 p.m.12 views

CVE-2026-45432

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:7 p.m.9 views

CVE-2026-45432

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 6:43 a.m.22 views

CVE-2026-50205

CVE-2026-50205 describes a vulnerability where system log files output unencrypted SMTP server authentication passwords along with sensitive employee identifiers. The brief does not specify affected products, vendors, or versions. Impact is stated as high confidentiality exposure (log leakage of ...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.6 views

CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

4.6CVSS5.8AI score0.0014EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 6:44 p.m.8 views

CVE-2019-25722 Dräger SC Monitoring Devices Hard-coded Credentials and DoS

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

7.6CVSS5.9AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 1:9 p.m.38 views

CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

8.7CVSS0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 1:9 p.m.10 views

EUVD-2026-33921

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00471EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

Progress Sitefinity 安全漏洞

Progress Sitefinity is an open-source platform developed by the American company Progress, used for building corporate websites and internal networks. Versions of Progress Sitefinity ranging from 14.0.7700 to 14.4.8152, 15.0.8200 to 15.0.8234, 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441,...

10CVSS5.4AI score0.00441EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Progress Sitefinity 安全漏洞

Progress Sitefinity is an open-source platform developed by the American company Progress, used for building corporate websites and internal networks. Versions of Progress Sitefinity from 8.0.5700 to 13.3.7652 have security vulnerabilities. These vulnerabilities stem from insufficient credential...

8.7CVSS5.5AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 6:17 p.m.13 views

CVE-2026-7786

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS0.00415EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 5:11 p.m.40 views

CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS0.00415EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:11 p.m.10 views

CVE-2026-7786

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/29 5:11 p.m.13 views

EUVD-2026-33374

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 5:11 p.m.37 views

CVE-2026-7786

The CVE-2026-7786 affects Jinan USR IOT’s USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter. The firmware image contains plaintext administrative credentials that can be extracted via firmware analysis and used to authenticate to device services, enabling administrator access. Reported CVSS v3.1 sco...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 2:46 p.m.13 views

EUVD-2018-21918

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

USR-W610 信任管理问题漏洞

USR-W610 is an industrial-grade serial-to-Wi-Fi networking module developed by USR. The USR-W610 has a trust management vulnerability, which stems from the inclusion of plaintext management credentials in the firmware. This vulnerability could allow credentials to be extracted through firmware...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

StrongDM 安全漏洞

StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...

2CVSS5.8AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Acer Wave 7 router 安全漏洞

The Acer Wave 7 router is a three-band wireless router from Acer, a company based in Taiwan, China. The Acer Wave 7 router has a security vulnerability. This vulnerability arises from the acercgi.log file, which can be accessed via a web interface without authentication, containing plaintext logi...

10CVSS5.8AI score0.00518EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44970

Name of the Vulnerable Software and Affected Versions USR-W610 affected versions not specified Description The firmware of the Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter contains hard-coded administrative credentials stored in plaintext. These credentials...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References7
Rows per page
Query Builder