Lucene search

13 matches found

RedhatCVE
added 2026/06/02 4:2 a.m. | 10 views

CVE-2026-45043

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

9.3 CVSS | 6 AI score | 0.00226 EPSS
Exploits: 0 | References: 1
NVD
added 2026/03/16 2:17 p.m. | 6 views

CVE-2013-20005

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9 CVSS | 0.00232 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/16 12:0 a.m. | 3 views

PT-2026-25714

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9 CVSS | 5.7 AI score | 0.00232 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2026/03/15 6:34 p.m. | 2 views

CVE-2013-20005 Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password,...

6.9 CVSS | 5.7 AI score | 0.00232 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-2985

Malware in sbrugna...

10 CVSS | 6.4 AI score | 0.02257 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2025/05/02 12:0 a.m. | 2 views

Missing authentication for a critical function in PLANET Technology device firmware allows attackers to create accounts with root privileges.

The vulnerability in PLANET Technology switch firmware stems from missing authentication for a critical function. Exploiting this vulnerability could allow a remote attacker to create a user account with root privileges...

10 CVSS | 8 AI score | 0.00493 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
ThreatPost
added 2019/05/09 5:6 p.m. | 103 views

Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked

For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8...

10 CVSS | 9.7 AI score | 0.06263 EPSS
Exploits: 2 | References: 5
CNVD
added 2018/03/22 12:0 a.m. | 2 views

Tenda AC15 Authentication Vulnerability

Tenda AC15 is a wireless router product from Tenda, a Chinese company. A security vulnerability exists in the Tenda AC15, which originates from some default accounts on the device having root privileges. The vulnerability can be exploited by a remote attacker to create a telnetd service by sendin...

10 CVSS | 7.2 AI score | 0.02783 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/03/20 3:0 p.m. | 14 views

CVE-2018-5770

An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to...

9.6 AI score | 0.02783 EPSS
Exploits: 1 | References: 1
NVD
added 2015/08/08 1:59 a.m. | 15 views

CVE-2015-2897

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session...

10 CVSS | 6.8 AI score | 0.02257 EPSS
Exploits: 0 | References: 1
CVE
added 2015/08/08 1:0 a.m. | 48 views

CVE-2015-2897

CVE-2015-2897 affects Sierra Wireless ALEOS on GX, ES, and LS gateways (before 4.4.2). The issue is multiple hard-coded root accounts that are enabled by default and reachable via SSH or TELNET, enabling a remote attacker to gain full administrative control. The CERT/CC entry notes these credent...

10 CVSS | 7 AI score | 0.02257 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2014/07/07 11:1 a.m. | 17 views

Hardcoded credentials

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation o...

10 CVSS | 7.1 AI score | 0.03602 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
The Hacker News
added 2011/04/17 8:37 p.m. | 10 views

European Space Agency (ESA.INT) Hacked by TinKode !

European Space Agency (ESA.INT) Hacked by TinKode ! The European Space Agency (ESA), established in 1975, is an intergovernmental organisation dedicated to the exploration of space, currently with 18 member states. Headquartered in Paris, ESA has a staff of more than 2,000 with an annual budget of...

6.8 AI score
Exploits: 0