Lucene search
K

12 matches found

OSV
OSV
added 4 days ago4 views

PYSEC-2026-2005 vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...

5.3CVSS6.1AI score0.00394EPSS
Exploits0References7
NVD
NVD
added 2026/05/28 5:16 p.m.19 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS0.00535EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 3:32 p.m.35 views

CVE-2026-24444 SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS0.00535EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:32 p.m.13 views

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/28 3:32 p.m.10 views

EUVD-2026-32928

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 3:32 p.m.12 views

CVE-2026-24444 SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 3:32 p.m.22 views

CVE-2026-24444

CVE-2026-24444 concerns SDMC NE6037 cable modem routers with firmware 7.1.6.0.25 and 7.1.6.1.9_B9. A hardcoded password in the web management interface recovery endpoints (mgmt.php, npcmd.php) allows unauthenticated users to submit the credential via HTTP and gain root access. This enables enabli...

9.8CVSS5.8AI score0.00535EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 4:8 p.m.4 views

EUVD-2026-17991

Payload has Unvalidated Input in Password Recovery Endpoints...

9.1CVSS5.9AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 2025/01/15 11:15 a.m.4 views

CVE-2024-35280

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4....

6.1CVSS5.7AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/15 10:7 a.m.26 views

CVE-2024-35280

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4....

5.4CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/15 10:7 a.m.10 views

CVE-2024-35280

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4....

5.4CVSS5AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.6 views

PT-2025-2440

Name of the Vulnerable Software and Affected Versions: Fortinet FortiDeceptor versions 3.x through 5.3.0 Description: The issue is related to an improper neutralization of input during web page generation, also known as 'cross-site scripting'. This may allow an attacker to perform a reflected...

6.4CVSS5AI score0.00278EPSS
Exploits0References10
Rows per page
Query Builder