CVE-2025-67305

In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...

CVE-2025-36729 RACOM M!DGE2 Privilege Escalation via SDK Testing Endpoint

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...