16812 matches found

CNNVD
added 2026/01/27 12:00 a.m. | 4 views

Cassandra Web path traversal vulnerability

Cassandra Web is a web interface developed by Bulat Shakirzyanov. Version 0.5.0 of Cassandra Web has a path traversal vulnerability, which arises from improper handling of path traversal parameters, potentially allowing access to arbitrary files...

CVSS 8.7 | AI score 5.9 | EPSS 0.02488
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/27 12:00 a.m. | 8 views

PT-2026-4992

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVSS 7.5 | AI score 5.9 | EPSS 0.00639
Exploits: 0 | References: 2
EUVD
added 2026/01/26 11:32 p.m. | 6 views

EUVD-2026-4734

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...

CVSS 8.6 | AI score 5.6 | EPSS 0.05258
Exploits: 1 | References: 5
RedhatCVE
added 2026/01/26 9:08 p.m. | 4 views

CVE-2026-20888

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users. Mitigation: Mitigation for this issue is either not available or the currently available...

CVSS 4.3 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 8
ATTACKERKB
added 2026/01/26 5:48 p.m. | 4 views

CVE-2026-24439

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

CVSS 2.1 | AI score 5.9 | EPSS 0.00169
Exploits: 0 | References: 3
NVD
added 2026/01/26 10:16 a.m. | 11 views

CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7 | EPSS 0.00339
Exploits: 0 | References: 3
CVE
added 2026/01/26 10:06 a.m. | 12 views

CVE-2025-59108

CVE-2025-59108 affects the web interface of the dormakaba Access Manager. The issue is a weak/default password policy: the password is set to 'admin' by default and, in tested versions, changing it is not enforced, enabling unauthenticated access to the web UI. According to the available sources,...

CVSS 9.2 | AI score 5.9 | EPSS 0.00422
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/26 10:06 a.m. | 4 views

CVE-2025-59108 Weak Default Passwords in dormakaba access manager

By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced...

CVSS 9.2 | AI score 5.9 | EPSS 0.00422
Exploits: 0 | References: 3
EUVD
added 2026/01/26 10:06 a.m. | 5 views

EUVD-2025-206368

By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced...

CVSS 9.2 | AI score 5.9 | EPSS 0.00422
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/26 10:06 a.m. | 4 views

CVE-2025-59108

By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced...

CVSS 9.2 | AI score 5.9 | EPSS 0.00422
Exploits: 0 | References: 4
CVE
added 2026/01/26 10:05 a.m. | 12 views

CVE-2025-59101

CVE-2025-59101 affects the dormakaba access manager web interface. The authentication model relies on per-request IP verification after a successful login, with no traditional session state stored. This enables an attacker to spoof a logged-in user’s IP to gain access, as there is no persistent s...

CVSS 7.7 | AI score 5.9 | EPSS 0.00572
Exploits: 0 | References: 3
CVE
added 2026/01/26 10:05 a.m. | 14 views

CVE-2025-59100

CVE-2025-59100 affects dormakaba access manager. The web interface allows exporting the internal SQLite database; after export an automatic download starts and the device reboots, at which point the exported database is deleted. In some cases the device does not reboot or the export is not delete...

CVSS 5.9 | AI score 5.8 | EPSS 0.00572
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/26 10:05 a.m. | 3 views

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVSS 5.9 | AI score 5.8 | EPSS 0.00572
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/26 10:04 a.m. | 3 views

CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/26 12:00 a.m. | 8 views

PT-2026-4748

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 4
CNNVD
added 2026/01/26 12:00 a.m. | 4 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the fact that the default password for the web interface is “admin” and changing it is not enforced, allowing...

CVSS 9.2 | AI score 5.8 | EPSS 0.00422
Exploits: 0 | References: 4
CNNVD
added 2026/01/26 12:00 a.m. | 4 views

Tenda W30E security vulnerabilities

The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 had security vulnerabilities. These vulnerabilities stemmed from the lack of the X-Content-Type-Options header in the web management interface, which could lead to browsers...

CVSS 6.5 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/26 12:00 a.m. | 6 views

PT-2026-4791

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVSS 7.1 | AI score 5.9 | EPSS 0.00189
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/26 12:00 a.m. | 5 views

PT-2026-4790

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be expose...

CVSS 8.2 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/26 12:00 a.m. | 4 views

PT-2026-4758

By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced...

CVSS 9.2 | AI score 5.9 | EPSS 0.00422
Exploits: 0 | References: 4