
12 matches found

Vulnrichment
added 2026/05/27 12:0 a.m. · 13 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

5.8 AI score · 0.00358 EPSS
Exploits: 0 · References: 1
NVD
added 2026/05/13 7:17 p.m. · 36 views

CVE-2026-33583

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7 CVSS · 0.00208 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/13 12:0 a.m. · 16 views

PT-2026-40705

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...

5.8 AI score · 0.00202 EPSS
Exploits: 1 · References: 3
NVD
added 2026/01/26 10:16 a.m. · 13 views

CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

8.7 CVSS · 0.00339 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/09/21 7:24 p.m. · 9 views

CVE-2025-34202

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 VA and SaaS deployments expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a...

8.8 CVSS · 7.7 AI score · 0.00918 EPSS
Exploits: 1 · References: 1
Wired Threat Level
added 2025/03/31 10:0 a.m. · 50 views

An AI Image Generator’s Exposed Database Reveals What People Really Used It For

An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images—some of which are likely illegal. The company deleted its websites after WIRED reached out...

7.3 AI score
Exploits: 0
Positive Technologies
added 2024/10/25 12:0 a.m. · 6 views

PT-2024-33664 · Zitadel +1

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.64.1; Zitadel versions prior to 2.63.6; Zitadel versions prior to 2.62.8; Zitadel versions prior to 2.61.4; Zitadel versions prior to 2.60.4; Zitadel versions prior to 2.59.5; Zitadel versions prior to 2.58.7. Description...

9.9 CVSS · 6.1 AI score · 0.97781 EPSS
Exploits: 21 · References: 141
Prion
added 2023/08/14 7:15 p.m. · 12 views

Design/Logic Flaw

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...

6.5 CVSS · 8.5 AI score · 0.00583 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
BDU FSTEC
added 2022/12/05 12:0 a.m. · 6 views

A vulnerability in the httpd daemon of the TP-Link TL-WR940N router firmware allows an attacker to bypass authentication and gain unauthorized access to the device.

The vulnerability in the httpd daemon of the TP-Link TL-WR940N router firmware is related to the use of insufficiently random values. Exploiting this vulnerability allows a malicious actor to bypass authentication processes and gain unauthorized access to the...

7.5 CVSS · 7.2 AI score · 0.00905 EPSS
Exploits: 0 · References: 4
OSV
added 2022/02/23 7:1 p.m. · 18 views

GSD-2022-1000285 Unsafe default configuration values in Nginx, all versions

INFORMATIONAL In Nginx, all versions, a number of unsafe default configuration values exist in the web server that can be attacked via the network, resulting in disclosure of information and loss of availability. These include but are not limited to: 1. Not enough file descriptors per worker 2. The...

6.7 AI score
Exploits: 0 · References: 2
CVE
added 2018/08/10 7:0 p.m. · 63 views

CVE-2018-10630

CVE-2018-10630 covers improper access control in Crestron TSW-X60 (versions before 2.001.0037.001) and MC3 (before 1.502.0047.001). The devices are shipped with authentication disabled, with no user indication to enable it; if compromised, access to the CTP console can be left open. Connected adv...

10 CVSS · 9.5 AI score · 0.10912 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2015/02/16 2:0 a.m. · 17 views

CVE-2015-1608

Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...

6.1 AI score · 0.01324 EPSS
Exploits: 0 · References: 3