Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.6 views

CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS5.5AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 7:35 p.m.9 views

EUVD-2026-8826

Fleet: Device lock PIN can be predicted if lock time is known...

4.1CVSS5.2AI score0.00124EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 2:45 a.m.2 views

CVE-2026-23999

Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...

5.5CVSS5.6AI score0.00124EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/11 9:16 p.m.5 views

CVE-2020-37104

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

7.5CVSS5.8AI score0.00565EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/11 8:49 p.m.4 views

CVE-2020-37104 ASTPP 4.0.1 VoIP Billing - Database Backup Download

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...

8.7CVSS5.5AI score0.00565EPSS
Exploits1References4
CVE
CVE
added 2026/02/11 8:49 p.m.17 views

CVE-2020-37104

CVE-2020-37104 affects ASTPP 4.0.1 and describes an information disclosure where unauthenticated attackers can download database backup files by predicting 6‑digit PINs and fuzzing the backup download URL under /database_backup/. The vulnerability relates to information exposure of sensitive data...

8.7CVSS5.5AI score0.00565EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2025/06/30 12:0 a.m.96 views

📄 AnyCommand 1.2.7 Remote Code Execution

AnyCommand version 1.2.7 contains critical vulnerabilities enabling unauthenticated attackers to achieve remote code execution. The exploit bypasses weak 6-digit PIN authentication through bruteforcing, then abuses the command interface to simulate keystrokes for command execution and payload...

9AI score
Exploits0
Rows per page
Query Builder