90 matches found

Veracode
added 2026/05/14 6:08 p.m. | 12 views

Use Of Hard-coded Credentials

GoHarbor Harbor is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to the presence of default hard-coded credentials in the application, which allows an attacker to gain unauthorized access to the web UI using known passwords...

CVSS 9.4 | AI score 6.9 | EPSS 0.00498
Exploits 0 | References 6 | Affected Software 1
ATTACKERKB
added 2026/03/12 8:06 p.m. | 2 views

CVE-2026-3611

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

CVSS 10 | AI score 5.8 | EPSS 0.05585
Exploits 1 | References 4 | Affected Software 7
Tenable Nessus
added 2026/03/04 12:00 a.m. | 4 views

Hitachi Energy RTU500 Product Improper Handling of Insufficient Permissions or Privileges (CVE-2026-1772)

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. This plugin only works with Tenable.ot...

CVSS 5.3 | AI score 5.2 | EPSS 0.0026
Exploits 0 | References 3
Vulnrichment
added 2026/02/12 4:22 p.m. | 8 views

CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

CVSS 2 | AI score 5.6 | EPSS 0.00296
Exploits 0 | References 4
RedhatCVE
added 2026/01/27 3:23 p.m. | 3 views

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

CVSS 9.9 | AI score 5.9 | EPSS 0.03732
Exploits 0 | References 1
CVE
added 2026/01/26 10:05 a.m. | 11 views

CVE-2025-59101

CVE-2025-59101 affects the dormakaba access manager web interface. The authentication model relies on per-request IP verification after a successful login, with no traditional session state stored. This enables an attacker to spoof a logged-in user’s IP to gain access, as there is no persistent s...

CVSS 7.7 | AI score 5.9 | EPSS 0.00572
Exploits 0 | References 3
RedhatCVE
added 2025/12/23 6:29 a.m. | 5 views

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Versions allows an attacker to access the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

CVSS 9.2 | AI score 7 | EPSS 0.00286
Exploits 0 | References 1
NVD
added 2025/12/22 5:16 a.m. | 3 views

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Versions allows an attacker to access the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

CVSS 9.8 | EPSS 0.00286
Exploits 0 | References 1
Cvelist
added 2025/10/21 12:23 a.m. | 9 views

CVE-2025-6542 OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVSS 9.3 | EPSS 0.00925
Exploits 0 | References 4
VulnCheck KEV
added 2025/10/17 12:00 a.m. | 4 views

VulnCheck KEV: CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

CVSS 10 | AI score 5.8 | EPSS 0.80767
In wild | Exploits 3 | References 179
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-7993

Malware in sbrugna...

CVSS 9 | AI score 9.1 | EPSS 0.02113
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-8670

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.02332
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-19514

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.02311
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2015-6515

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.03618
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2017-8035

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01983
Exploits 0 | References 6
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2023-32294

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00815
Exploits 1 | References 2
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-22718

Malicious code in bioql PyPI...

CVSS 6 | AI score 6.6 | EPSS 0.00886
Exploits 0 | References 1
RedhatCVE
added 2025/07/24 10:30 p.m. | 12 views

CVE-2025-41425

DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from accessing the web interface...

CVSS 8.1 | AI score 6.5 | EPSS 0.00337
Exploits 0 | References 1
NVD
added 2025/07/15 1:15 p.m. | 6 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

CVSS 8.7 | EPSS 0.02321
Exploits 0 | References 4
CVE
added 2025/06/09 10:05 p.m. | 57 views

CVE-2025-30184

Summary (CVE-2025-30184) CyberData 011209 Intercom is vulnerable to unauthenticated access to the Web Interface via an alternate path. Public disclosures across NVD, Red Hat, CNNVD, CVE list, and PT Security confirm an authentication bypass/vector against the Intercom’s web interface, with CVS...

CVSS 9.8 | AI score 9.6 | EPSS 0.00467
Exploits 0 | References 1 | Affected Software 1