Lucene search
K

22 matches found

NVD
NVD
added yesterday4 views

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

Exploits1References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware US AC5V1.0RTL V15.03.06.48 multi TDE01 Tenda firmware US...

6AI score
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:9 a.m.4 views

CVE-2026-22543

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.9CVSS6.8AI score0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-43937

Malicious code in bioql PyPI...

7.5CVSS7.1AI score0.00729EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:49 a.m.11 views

CVE-2023-3261

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...

7.5CVSS7.5AI score0.00729EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:55 a.m.4 views

CVE-2023-0457

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server...

7.5CVSS7.4AI score0.01174EPSS
Exploits0References1
OSV
OSV
added 2023/08/24 5:15 p.m.4 views

CVE-2023-40706

There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login...

9.8CVSS5.8AI score0.00537EPSS
Exploits0References1
OSV
OSV
added 2023/08/14 4:15 a.m.5 views

CVE-2023-3261

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...

7.2CVSS6.1AI score0.00729EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/14 3:53 a.m.28 views

CVE-2023-3261

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...

7.5CVSS7.8AI score0.00729EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.18 views

Advantech Trust Management Issues Vulnerabilities

Advantech, an application of Advantech China, provides intelligent electric bus management systems. A trust management issue vulnerability exists in Advantech ADAM-3600, which stems from a hard-coded private key available in the project folder, and can be exploited by an attacker to achieve Web...

9.8CVSS9.4AI score0.01211EPSS
Exploits0References1
NVD
NVD
added 2022/02/04 11:15 p.m.26 views

CVE-2022-22987

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

9.8CVSS0.01211EPSS
Exploits0References1
OSV
OSV
added 2022/02/04 11:15 p.m.5 views

CVE-2022-22987

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

9.8CVSS5.8AI score0.01211EPSS
Exploits0References1
Prion
Prion
added 2022/02/04 11:15 p.m.21 views

Hardcoded credentials

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

7.5CVSS9.3AI score0.01211EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:29 p.m.34 views

CVE-2022-22987 Advantech ADAM-3600

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

9.8CVSS9.6AI score0.01211EPSS
Exploits0References1
CVE
CVE
added 2022/02/04 10:29 p.m.59 views

CVE-2022-22987

CVE-2022-22987 affects Advantech ADAM-3600 (e.g., up to version 2.6.2) where a hard-coded private key in the project folder enables Web Server login and further actions. Technical detail: use of a hard-coded cryptographic key (CWE-321). Impact as described: attacker could gain unauthorized access...

9.8CVSS9.5AI score0.01211EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.6 views

Advantech 信任管理问题漏洞

Advantech, an application of Advantech China, provides intelligent electric bus management systems. A trust management issue vulnerability exists in Advantech ADAM-3600, which stems from a hard-coded private key available in the project folder, and can be exploited by an attacker to achieve Web...

9.8CVSS5.6AI score0.01211EPSS
Exploits0References4
ICS
ICS
added 2022/02/01 12:0 a.m.50 views

Advantech ADAM-3600

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic...

9.8CVSS9.9AI score0.01211EPSS
Exploits0References5
CNVD
CNVD
added 2021/07/06 12:0 a.m.10 views

Command Execution Vulnerability in SeaCMS V210530

Ocean CMS is a PHP MYSQL-based architecture, professional open source free PHP film and television system, can be cross-platform operation of the web content management system. A command execution vulnerability exists in SeaCMS V210530. An attacker can exploit this vulnerability to obtain web...

7.2AI score
Exploits0
NVD
NVD
added 2013/06/07 8:55 p.m.29 views

CVE-2013-0142

QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...

5CVSS6.8AI score0.01308EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/06/07 8:0 p.m.29 views

CVE-2013-0142

QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors...

6.7AI score0.01308EPSS
Exploits0References1
Rows per page
Query Builder