📦 Meac300 Fnade4 Firmware

by Endress


⚠️ Known Vulnerabilities

CVE-2025-27460

HIGH CVSS 7.6 Jul 3, 2025

This vulnerability allows attackers with physical access to bypass Windows login security by booting from an alternative operating system, enabling full read/write access to unencrypted hard drives. I...

CVE-2025-27461

HIGH CVSS 7.6 Jul 3, 2025

This vulnerability allows automatic login to the EPC2 Windows user account without password authentication during device startup. It affects industrial control systems and devices from SICK AG that us...

CVE-2025-27456

HIGH CVSS 7.5 Jul 3, 2025

This vulnerability allows attackers to perform brute-force attacks against SMB server login mechanisms due to insufficient rate limiting. It affects systems running vulnerable SMB server implementatio...

CVE-2025-1710

HIGH CVSS 7.5 Jul 3, 2025

CVE-2025-1710 is an authentication brute-force vulnerability in maxView Storage Manager that allows attackers to guess credentials through repeated login attempts. This affects organizations using vul...

CVE-2025-27447

HIGH CVSS 7.4 Jul 3, 2025

This cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into the web application via specially crafted URLs. When an authenticated administrator clicks such a lin...

CVE-2025-27449

HIGH CVSS 7.5 Jul 3, 2025

The MEAC300-FNADE4 device lacks rate limiting for authentication attempts, allowing attackers to systematically guess passwords via brute-force attacks. This affects all users of this specific industr...

CVE-2025-1708

HIGH CVSS 8.6 Jul 3, 2025

This SQL injection vulnerability in PostgreSQL allows attackers to execute arbitrary SQL commands and dump database contents. It affects applications using vulnerable PostgreSQL configurations. Organi...

CVE-2025-27452

MEDIUM CVSS 5.3 Jul 3, 2025

This vulnerability affects Apache httpd webservers running the MEAC300-FNADE4 web application with unnecessary modules enabled. It allows directory listing, potentially exposing sensitive files and di...

CVE-2025-27454

MEDIUM CVSS 4.3 Jul 3, 2025

This CSRF vulnerability allows attackers to trick authenticated users into performing unintended actions on their behalf. Attackers can craft malicious requests that execute with the victim's session ...

CVE-2025-27455

MEDIUM CVSS 4.3 Jul 3, 2025

This clickjacking vulnerability allows attackers to embed the web application in malicious frames, tricking users into clicking hidden elements. This could lead to unauthorized actions or data exposur...

CVE-2025-27457

MEDIUM CVSS 6.5 Jul 3, 2025

CVE-2025-27457 is a cleartext transmission vulnerability in VNC communications that allows attackers to intercept unencrypted traffic between VNC servers and clients. This exposes sensitive data like ...

CVE-2025-27453

MEDIUM CVSS 5.3 Jul 3, 2025

This vulnerability allows client-side scripts (like JavaScript) to access the PHPSESSION cookie because the HttpOnly flag is disabled. This affects web applications that use PHP sessions without prope...

CVE-2025-27458

MEDIUM CVSS 6.5 Jul 3, 2025

This vulnerability in VNC authentication allows attackers to capture challenge-response pairs from unencrypted network traffic and attempt to derive the password through offline brute-force attacks. I...

CVE-2025-27448

MEDIUM CVSS 6.8 Jul 3, 2025

This cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into dashboard names in a web application. When users view these dashboards, the injected code executes in...

CVE-2025-27450

MEDIUM CVSS 6.5 Jul 3, 2025

This vulnerability in the MEAC300-FNADE4 device allows session hijacking because cookies lack the Secure attribute. Attackers can intercept PHPSESSID cookies via unencrypted HTTP connections, potentia...

CVE-2025-27451

MEDIUM CVSS 5.3 Jul 3, 2025

This vulnerability allows attackers to enumerate valid usernames by observing different error messages for incorrect passwords versus non-existent usernames during failed login attempts. This affects ...

CVE-2025-1709

MEDIUM CVSS 6.5 Jul 3, 2025

This vulnerability exposes PostgreSQL database credentials stored in plain text (partially base64 encoded) in SICK industrial control systems. Attackers who gain access to affected systems can extract...