1626 matches found

Vulnrichment
added 2026/01/26 10:5 a.m. | 5 views

CVE-2025-59103 Weak Default Passwords for SSH Access in dormakaba access manager

The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users...

CVSS 9.2 | AI score 5.8 | EPSS 0.00403
Exploits: 0 | References: 3

NVD
added 2026/01/16 12:16 a.m. | 8 views

CVE-2021-47796

Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system...

CVSS 9.8 | EPSS 0.00505
Exploits: 0 | References: 3

CNNVD
added 2026/01/16 12:0 a.m. | 8 views

Denver SHC-150 Trust Management Vulnerability

The Denver SHC-150 is an indoor surveillance camera produced by the Danish company Denver. The Denver SHC-150 has a trust management vulnerability, which stems from hard-coded telnet credentials. This vulnerability could allow unauthenticated attackers to access the Linux shell...

CVSS 9.8 | AI score 5.8 | EPSS 0.00505
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/09 4:15 p.m. | 6 views

CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

CVSS 10 | AI score 7 | EPSS 0.00387
Exploits: 0 | References: 2

CVE
added 2026/01/09 4:15 p.m. | 13 views

CVE-2025-69426

The CVE-2025-69426 issue affects Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0. An initialization script contains hardcoded OS user credentials, enabling authentication even though SCP and pseudo-TTY are disabled. The SSH service is network-accessible without IP-based restriction...

CVSS 10 | AI score 7 | EPSS 0.00387
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:33 p.m. | 6 views

CVE-2023-31740

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the POST request parameters WLattenbb, WLattenradio, and WLattenctl in the apply.cgi interface, thereby gaining shell...

CVSS 7.2 | AI score 7.8 | EPSS 0.02688
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:26 a.m. | 8 views

CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

CVSS 10 | AI score 6.8 | EPSS 0.02304
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/09 11:20 a.m. | 16 views

CVE-2021-22733

Improper Privilege Management vulnerability exists in homeLYnk Wiser For KNX and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder...

CVSS 7.8 | AI score 7.1 | EPSS 0.00215
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:55 a.m. | 12 views

CVE-2022-23729

When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010...

CVSS 7.8 | AI score 7.2 | EPSS 0.0011
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:43 a.m. | 9 views

CVE-2022-26582

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...

CVSS 7.8 | AI score 7.6 | EPSS 0.00872
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:24 a.m. | 7 views

CVE-2023-40717

A use of hard-coded credentials vulnerability (CWE-798) in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

CVSS 7.8 | AI score 6.9 | EPSS 0.00191
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:20 a.m. | 5 views

CVE-2021-28497

In Arista's MOS (Metamako Operating System) software, which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in...

CVSS 7.8 | AI score 6.9 | EPSS 0.00232
Exploits: 0 | References: 1

NVD
added 2026/01/07 9:15 p.m. | 5 views

CVE-2025-66620

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...

CVSS 8.6 | EPSS 0.00415
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/07 8:8 p.m. | 5 views

CVE-2025-66620 Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...

CVSS 8.6 | AI score 6.5 | EPSS 0.00415
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/07 9:41 a.m. | 9 views

CVE-1999-0058

Buffer overflow in PHP cgi program, php.cgi allows shell access...

CVSS 7.5 | AI score 7.4 | EPSS 0.018
Exploits: 0 | References: 1

CNNVD
added 2026/01/07 12:0 a.m. | 4 views

Columbia Weather Systems MicroServer Security Vulnerability

Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that stems from an unused webshell that allows unlimited login attempts, which could result in limited shell access being gaine...

CVSS 8.6 | AI score 6.7 | EPSS 0.00415
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/06 3:52 p.m. | 3 views

CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

CVSS 8.7 | AI score 7.5 | EPSS 0.0033
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/02 12:0 a.m. | 4 views

PT-2026-1135

Name of the Vulnerable Software and Affected Versions: Nuvation Energy Multi-Stack Controller versions 2.3.8 through 2.5.0. Description: A flaw exists in Nuvation Energy Multi-Stack Controller that allows for OS Command Injection. This issue could allow an attacker to execute arbitrary commands on t...

CVSS 9.4 | AI score 7.4 | EPSS 0.009
Exploits: 0 | References: 6

SUSE CVE
added 2025/12/30 12:23 a.m. | 25 views

SUSE CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

CVSS 9.5 | AI score 7.1 | EPSS 0.00489
Exploits: 0 | References: 3

Snyk
added 2025/12/26 12:12 a.m. | 4 views

UNIX Symbolic Link (Symlink) Following

Overview: Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...

CVSS 9.5 | AI score 6.8 | EPSS 0.00489
Exploits: 0 | References: 2