Total
191 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46599 | 2025-04-29 | N/A | 6.8 MEDIUM | ||
| CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials. | |||||
| CVE-2025-43015 | 1 Jetbrains | 1 Rubymine | 2025-04-25 | N/A | 8.3 HIGH |
| In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces | |||||
| CVE-2020-11917 | 1 Svakom | 2 Svakom Siime Eye, Svakom Siime Eye Firmware | 2025-04-24 | N/A | 4.3 MEDIUM |
| An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.) | |||||
| CVE-2022-3262 | 1 Redhat | 1 Openshift | 2025-04-23 | N/A | 8.1 HIGH |
| A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability. | |||||
| CVE-2022-20466 | 1 Google | 1 Android | 2025-04-22 | N/A | 5.5 MEDIUM |
| In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730 | |||||
| CVE-2025-1863 | 2025-04-21 | N/A | 9.8 CRITICAL | ||
| Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings. This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions. | |||||
| CVE-2017-9137 | 1 Ceragon | 1 Fiberair Ip-10 Firmware | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented "The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability." | |||||
| CVE-2017-5491 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | |||||
| CVE-2017-8021 | 1 Dell | 1 Elastic Cloud Storage | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. | |||||
| CVE-2017-6688 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-8039 | 1 Pivotal | 1 Spring Web Flow | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971. | |||||
| CVE-2017-5155 | 1 Schneider-electric | 1 Wonderware Historian | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. | |||||
| CVE-2017-12739 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device. | |||||
| CVE-2017-6687 | 1 Cisco | 1 Ultra Services Framework Element Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-3834 | 1 Cisco | 4 Aironet 1830i Access Point, Aironet 1850e Access Point, Aironet 1850i Access Point and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691. | |||||
| CVE-2017-6750 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. | |||||
| CVE-2017-4971 | 1 Pivotal | 1 Spring Web Flow | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. | |||||
| CVE-2017-6684 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-6685 | 1 Cisco | 1 Ultra Services Framework Staging Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-6692 | 1 Cisco | 1 Ultra Services Framework Element Manager | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839. | |||||