Fedora 42 : coturn (2026-2a1aa1f57f)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2a1aa1f57f advisory. Coturn 4.9.0 - Multiple security fixes - Fix to Web Admin password check - Cleanup of deprecated OpenSSL APIs - Fix for CVE-2026-27624: Bypass...

Fedora 43 : coturn (2026-8cb5571ddc)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8cb5571ddc advisory. Coturn 4.9.0 - Multiple security fixes - Fix to Web Admin password check - Cleanup of deprecated OpenSSL APIs - Fix for CVE-2026-27624: Bypass...

CVE-2020-7470

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...

CVE-2025-62775

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

EUVD-2025-35312

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

CVE-2025-62775

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

CVE-2025-62775

CVE-2025-62775 affects Mercku M6a devices up to firmware version 2.1.0, where the web admin password can be used to gain root TELNET access. The connected documents consistently describe root access via TELNET enabled by the web admin password, indicating a high-severity impact (per CVSS 3.1 vect...

Mercku M6a 安全漏洞

Mercku M6a is a WiFi router from Mercku USA. A security vulnerability exists in Mercku M6a version 2.1.0 and prior versions, which originates from allowing root login via TELNET using the web administrator password, which could lead to unauthorized access...

EUVD-2020-28596

Malware in sbrugna...

STEALTHONE多款产品 SQL注入漏洞

STEALTHONE D220 and others are a network storage server from STEALTHONE. A SQL injection vulnerability exists in various STEALTHONE products, where an attacker with access to the affected products could obtain the administrative password for the web administration page. The following products are...

DEBIAN-CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

CVE-2020-7470

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...

Cross site scripting

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...

CVE-2020-7470

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...

CVE-2005-2586

The CVE concerns a Mentor ADSL-FR4II router with firmware 2.00.0111 that stores the web administration password in cleartext inside the backup configuration file. This exposes sensitive credentials to local users who can access the backup config, enabling partial confidentiality impact as describ...