CVE-2026-55740
CVE-2026-55740 affects Nur-Alam39 bus-ticket. The vulnerability is an unauthenticated SQL injection in bus_info.php where the busid parameter from an HTTP POST is concatenated directly into the query: select * from bus_info where id=$busid. This occurs in a numeric context and is not sanitized, e...
CVE-2026-54445
Vantage6 prior to 5.0.0 creates an initial admin user with username root and password root, enabling easy elevated access. The issue is addressed in version 5.0.0. A workaround is to delete the initial root user after it has been used to create other users. Affected component: initial user prov...
PT-2026-49248
Impact: Vantage6 currently provides an initial user with username root and password root. This is not ideal for the following reasons: - Attackers know that almost all vantage6 servers have a user with username root that probably has admin rights - The initial password is very weak and it is...
CVE-2026-42609
Grav CVE-2026-42609 describes a business-logic flaw in the Grav Admin Panel where a low-privileged user with admin user-creation permissions can overwrite a higher-privilege account by creating a new user with an existing username. The system incorrectly updates the existing account’s metadata an...
RustFS: ListServiceAccount authorizes against wrong admin action, enabling cross-user enumeration and root service account takeover
Summary: ListServiceAccount GET /rustfs/admin/v3/list-service-accounts?user= authorizes cross-user requests against UpdateServiceAccountAdminAction instead of ListServiceAccountsAdminAction at rustfs/src/admin/handlers/serviceaccount.rs:936. The handler accepts the wrong admin action and rejects t...
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system...
CVE-2020-37092
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...
CVE-2020-37092
CVE-2020-37092 affects Netis E1+ devices with firmware 1.2.32533, where a hardcoded root account allows unauthenticated attackers to gain full administrative access via a predefined crackable password. This vulnerability enables remote compromise with network access and is supported by multiple s...
CVE-2020-37092 Netis E1+ 1.2.32533 - Backdoor Account (root)
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device...
Netis E1+ Trust Management Vulnerability
Netis E1+ is a wireless signal amplifier developed by the Chinese company Netis. Version 1.2.32533 of Netis E1+ contains a vulnerability related to trust management. This vulnerability stems from the presence of a hardcoded root account, allowing attackers to access devices using predefined...
PT-2026-5842
Name of the Vulnerable Software and Affected Versions: Netis E1+ version 1.2.32533. Description: The Netis E1+ device version 1.2.32533 has a hardcoded root account that allows unauthenticated attackers to access the device using predefined credentials. Attackers can exploit the embedded root accoun...
CVE-2018-18754
ZyXEL VMG3312-B10B 1.00AAPP.7 devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file...
CVE-2016-10305
Trango Apex <= 2.1.1, ApexLynx 2.0, ApexOrion 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx 2.0, GigaOrion 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software...
CVE-2017-18449
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...
CVE-2020-12713
An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root...
CVE-1999-0421
During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password...
EUVD-2025-198160
Legacy Vivotek Device firmware uses default credentials for the root and user login accounts...
Vivotek Camera Security Vulnerability
Vivotek Camera is a webcam from the Chinese company VIVOTEK Communications (Vivotek). A security vulnerability exists in Vivotek Camera, stemming from the firmware using default credentials to log into the root and user accounts...
Access Control Bypass
Overview: @kottster/cli is a CLI for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by repeatedly triggering...