Lucene search
K

88 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 7:28 p.m.4 views

CVE-2026-24789

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

9.8CVSS5.5AI score0.0067EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 5:16 p.m.5 views

CVE-2026-24789

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

9.8CVSS0.0067EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 4:17 p.m.3 views

CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

9.8CVSS5.5AI score0.0067EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 4:17 p.m.24 views

CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

9.8CVSS0.0067EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 4:17 p.m.4 views

CVE-2026-24789

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

9.8CVSS5.5AI score0.0067EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/11 4:17 p.m.14 views

CVE-2026-24789

CVE-2026-24789 is described in the provided documents as an unprotected API endpoint that allows remote password modification without authentication. The reports (including NVD/Red Hat/CVE lists) state a critical impact (high confidentiality, integrity, and availability effects) with CVSS scores ...

9.8CVSS5.5AI score0.0067EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.5 views

PT-2026-7620

Name of the Vulnerable Software and Affected Versions Affected versions not specified Description An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. The vulnerable API endpoint is exposed without requiring any form of...

9.8CVSS5.4AI score0.0067EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

ZLAN5143D 访问控制错误漏洞

ZLAN5143D is a serial port server from the Chinese company ZLAN. ZLAN5143D has an access control vulnerability, which stems from unprotected API endpoints. This vulnerability could allow attackers to remotely change device passwords without requiring authentication...

9.8CVSS7.5AI score0.0067EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-5041

Malware in sbrugna...

4.3CVSS6.4AI score0.00883EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-18061

Malware in sbrugna...

9.8CVSS9.5AI score0.01141EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6667

Malware in sbrugna...

8.8CVSS8.8AI score0.0067EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-28278

Malicious code in bioql PyPI...

7.5CVSS5.6AI score0.00572EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-28021

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.01756EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.6 views

CVE-2023-38379

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved...

7.5CVSS7.3AI score0.00586EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:11 p.m.10 views

CVE-2020-11964

In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

7.5CVSS7.6AI score0.02247EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:11 p.m.9 views

CVE-2020-11966

In IQrouter through 3.3.1, the Lua function resetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

9.8CVSS9.4AI score0.02992EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/21 12:46 a.m.23 views

CVE-2025-4903

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R68125. This affects the function sub41F4F0 of the file /H5/webgl.asp?tgglport=0management=0passwd=gameservice=admin-restart. The manipulation leads to unverified password change. It is possible to initia...

7.5CVSS7.1AI score0.00572EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2025/02/17 12:0 a.m.6 views

The vulnerability of the application access protection software in Docker environments. IBM Security Verify Access Docker, a access management system from IBM Security Verify Access, has a flaw related to the lack of necessary verification during password changes. This allows attackers to alter user passwords.

The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the lack of necessary authentication during password changes. Exploiting this vulnerability allows an attacker to remotely change a user’s password...

5.6CVSS5.5AI score0.00259EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.5 views

The vulnerability of the Connectize G6 AC2100 router’s microprogramming software lies in the lack of protective measures for the website structure, allowing attackers to alter the Wi-Fi password.

The vulnerability of the Connectize G6 AC2100 router’s microprogramming software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to change the Wi-Fi password remotely...

4.7CVSS6.3AI score0.00425EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2023/07/27 12:0 a.m.3 views

SpringBlade Secure Mode Bypass Vulnerability

SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. SpringBlade suffers from a security model bypass vulnerability that stems from exposing a signing key, which can be exploited by an attacker to conduct a SQL injection attack by forging a JWT,...

8.3AI score
Exploits0References1
Rows per page
Query Builder