Lucene search

62 matches found

EUVD
added 2026/04/05 9:30 a.m. · 3 views

EUVD-2026-19044

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

CVSS 9 · AI score 7.8 · EPSS 0.00021
Exploits 0 · References 6

Cvelist
added 2026/04/05 7:30 a.m. · 26 views

CVE-2026-5548 Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

CVSS 9 · EPSS 0.00021
Exploits 0 · References 5

UbuntuCve
added 2026/03/27 12:0 a.m. · 1 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

CVSS 5.3 · AI score 5.8 · EPSS 0.00028
Exploits 1 · References 3

Vulnrichment
added 2026/02/11 2:56 p.m. · 3 views

CVE-2019-25311 thesystem Persistent XSS

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...

CVSS 6.4 · AI score 5.5 · EPSS 0.00035
Exploits 1 · References 3

CVE
added 2026/02/11 2:56 p.m. · 8 views

CVE-2019-25311

The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...

CVSS 6.4 · AI score 5.5 · EPSS 0.00035
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2026/02/11 12:0 a.m. · 4 views

PT-2026-7606

Name of the Vulnerable Software and Affected Versions: thesystem version 1.0. Description: thesystem version 1.0 has a persistent cross-site scripting issue. Attackers can inject malicious scripts through several server data input fields. Specifically, crafted script payloads can be submitted in the...

CVSS 6.4 · AI score 5.8 · EPSS 0.00035
Exploits 1 · References 7

Cvelist
added 2026/01/08 12:29 p.m. · 18 views

CVE-2025-62877 Harvest may expose OS default ssh login password via SUSE Virtualization Interactive Installer

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

CVSS 9.8 · EPSS 0.0002
Exploits 0 · References 2

NVD
added 2025/12/09 9:15 p.m. · 3 views

CVE-2023-53771

MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEMPASSWORD parameters to reset root credentials...

CVSS 9.8 · EPSS 0.01066
Exploits 1 · References 4

Positive Technologies
added 2025/11/05 12:0 a.m. · 2 views

PT-2025-45137

Name of the Vulnerable Software and Affected Versions: Dell CloudLink versions prior to 8.1.1. Description: Dell CloudLink versions prior to 8.1.1 have a security issue where a user with elevated privileges and knowledge of the system password can execute a CLI Escape, potentially gaining control of...

CVSS 9.1 · AI score 6.8 · EPSS 0.00061
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2010-2101

Malware in sbrugna...

CVSS 4 · AI score 6.4 · EPSS 0.07425
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-30436

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.4 · EPSS 0.00546
Exploits 1 · References 1

Vulnrichment
added 2025/07/03 11:33 a.m. · 2 views

CVE-2025-27458

The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses...

CVSS 6.5 · AI score 7.5 · EPSS 0.00086
Exploits 0 · References 6

OSV
added 2025/06/27 3:15 a.m. · 1 views

CVE-2025-47821

Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system...

CVSS 4.6 · AI score 5.8
Exploits 0 · References 4

OSV
added 2025/05/13 3:34 p.m. · 4 views

CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVSS 7.5 · AI score 7 · EPSS 0.00243
Exploits 0 · References 9

OSV
added 2025/04/17 7:16 p.m. · 1 views

CVE-2025-3763

A vulnerability classified as critical has been found in SourceCodester Phone Management System 1.0. This affects the function main of the component Password Handler. The manipulation of the argument s leads to buffer overflow. Local access is required to approach this attack. The exploit has bee...

CVSS 7.8 · AI score 5.8 · EPSS 0.00251
Exploits 1 · References 5

CNNVD
added 2025/04/15 12:0 a.m. · 2 views

Milestone XProtect Security Vulnerability

Milestone XProtect is a video management software from Milestone. A security vulnerability exists in Milestone XProtect versions 2024 R1 through 2024 R2, which originates from resetting the system configuration password during the upgrade process, which could lead to a security configuration...

CVSS 5.5 · AI score 6.6 · EPSS 0.00097
Exploits 0 · References 1

NVD
added 2024/05/07 5:15 p.m. · 7 views

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station Version 1.1.18 and earlier UniFi Connect EV Station Pro Version 1.1.18 and earlier UniFi Conne...

CVSS 2.2 · AI score 3.8 · EPSS 0.00081
Exploits 0 · References 1

Positive Technologies
added 2024/05/07 12:0 a.m. · 4 views

PT-2024-22809 · Ubiquiti · Unifi Connect Ev Station Pro +3

Name of the Vulnerable Software and Affected Versions: UniFi Connect EV Station versions 1.1.18 and earlier UniFi Connect EV Station Pro versions 1.1.18 and earlier UniFi Connect Display versions 1.9.324 and earlier UniFi Connect Display Cast versions 1.6.225 and earlier Description: An Unverifie...

CVSS 2.2 · AI score 7.4 · EPSS 0.00081
Exploits 0 · References 5

CNNVD
added 2024/03/19 12:0 a.m. · 2 views

Ruijie Networks RG-NBS2009G-P Authorization Issues Vulnerability

Ruijie Networks RG-NBS2009G-P is a network security product from China's Ruijie Networks that is commonly used as an enterprise-class network border firewall. The Ruijie Networks RG-NBS2009G-P suffers from an authorization issue vulnerability that stems from the inclusion of an unknown function i...

CVSS 5.3 · AI score 6.8 · EPSS 0.00059
Exploits 0 · References 5

OSV
added 2024/01/09 2:15 a.m. · 0 views

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 3