12 matches found
CVE-2026-36539
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...
CVE-2026-33583
Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...
PT-2026-40705
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...
CVE-2025-59098
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...
CVE-2025-34202
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 VA and SaaS deployments expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a...
An AI Image Generator’s Exposed Database Reveals What People Really Used It For
An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images—some of which are likely illegal. The company deleted its websites after WIRED reached out...
PT-2024-33664 · Zitadel +1 · Zitadel +1
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.64.1 Zitadel versions prior to 2.63.6 Zitadel versions prior to 2.62.8 Zitadel versions prior to 2.61.4 Zitadel versions prior to 2.60.4 Zitadel versions prior to 2.59.5 Zitadel versions prior to 2.58.7 Description...
Design/Logic Flaw
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using...
The vulnerability of the httpd daemon in the microprogramming-based router software from TP-Link’s TL-WR940N allows a hacker to bypass authentication processes and gain unauthorized access to the equipment.
The vulnerability of the httpd daemon in the microprogramming-based routing software of TP-Link’s TL-WR940N device is related to the use of insufficiently random values. Exploiting this vulnerability allows a malicious actor to bypass authentication processes and gain unauthorized access to the...
GSD-2022-1000285 Unsafe default configuration values in Nginx version all version
INFORMATIONAL In Nginx, all versions, a number of unsafe default configuration values exists in the web server that can be attacked via the network resulting in disclosure of information and availability. These include but are not limited to: 1. Not enough file descriptors per worker 2. The...
CVE-2018-10630
CVE-2018-10630 covers improper access control in Crestron TSW-X60 (versions before 2.001.0037.001) and MC3 (before 1.502.0047.001). The devices are shipped with authentication disabled, with no user indication to enable it; if compromised, access to the CTP console can be left open. Connected adv...
CVE-2015-1608
Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...