Export limit exceeded: 342456 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2212 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40401 | 3 Debian, Fedoraproject, Gerbv Project | 3 Debian Linux, Fedora, Gerbv | 2025-04-15 | 8.6 High |
| A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-27172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2025-04-15 | 8.8 High |
| A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-22144 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2025-04-15 | 9.8 Critical |
| A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability. | ||||
| CVE-2017-20039 | 1 Sicunet | 1 Access Control | 2025-04-15 | 9.8 Critical |
| A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. | ||||
| CVE-2022-22458 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2025-04-15 | 6.3 Medium |
| IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. | ||||
| CVE-2022-3807 | 1 Axiosys | 1 Bento4 | 2025-04-15 | 4.3 Medium |
| A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660. | ||||
| CVE-2023-41610 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2025-04-14 | 8.8 High |
| Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. | ||||
| CVE-2014-1849 | 1 Foscam | 1 Ip Camera Firmware | 2025-04-12 | N/A |
| Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server. | ||||
| CVE-2014-1644 | 1 Symantec | 1 Liveupdate Administrator | 2025-04-12 | N/A |
| The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. | ||||
| CVE-2013-7134 | 1 Phusion | 1 Juvia | 2025-04-12 | N/A |
| Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies. | ||||
| CVE-2013-5755 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-3729 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. | ||||
| CVE-2015-3750 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | ||||
| CVE-2015-3751 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | ||||
| CVE-2013-5229 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2025-04-12 | N/A |
| The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. | ||||
| CVE-2015-3755 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | ||||
| CVE-2015-3722 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. | ||||
| CVE-2014-3489 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. | ||||
| CVE-2015-3728 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. | ||||
| CVE-2014-3419 | 1 Infoblox | 1 Netmri | 2025-04-12 | N/A |
| Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | ||||