CWE-255
124 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-255page 3 of 3
- CVE-2021-37000HIGHCVSS 7.7EG 7.72024-12-28
Some Huawei wearables have a permission management vulnerability.
- CVE-2022-25327MEDIUMCVSS 5.5EG 5.52022-02-25
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt met…
- CVE-2024-11026LOWCVSS 3.7EG 3.72024-11-08
A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore…
- CVE-2025-11284HIGHCVSS 7.3EG 7.32025-10-05
A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The ma…
- CVE-2025-11649HIGHCVSS 7.0EG 7.02025-10-12
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated f…
- CVE-2025-11666MEDIUMCVSS 6.7EG 6.72025-10-13
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to us…
- CVE-2025-13187MEDIUMCVSS 5.3EG 5.32025-11-14
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of cre…
- CVE-2025-13221MEDIUMCVSS 5.3EG 5.32025-11-15
A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credent…
- CVE-2025-14183MEDIUMCVSS 4.3EG 4.32025-12-07
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of …
- CVE-2025-15128MEDIUMCVSS 5.3EG 5.32025-12-28
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/ex…
- CVE-2025-15151LOWCVSS 3.7EG 3.72025-12-28
A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration fi…
- CVE-2025-2355LOWCVSS 3.3EG 3.32025-03-17
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY lead…
- CVE-2025-2555LOWCVSS 2.9EG 2.92025-03-20
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally …
- CVE-2025-4286LOWCVSS 2.7EG 2.72025-05-05
A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação lea…
- CVE-2025-6139LOWCVSS 3.9EG 3.92025-06-16
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. T…
- CVE-2025-6932LOWCVSS 3.7EG 3.72025-06-30
A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation le…
- CVE-2025-7079HIGHCVSS 8.1EG 3.72025-07-06
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipu…
- CVE-2025-7080LOWCVSS 3.7EG 3.72025-07-06
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The …
- CVE-2025-7453LOWCVSS 3.7EG 3.72025-07-11
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipu…
- CVE-2025-7577LOWCVSS 3.7EG 3.72025-07-14
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate th…
- CVE-2025-9725HIGHCVSS 8.8EG 8.82025-08-31
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carr…
- CVE-2026-11515MEDIUMCVSS 5.3EG 5.32026-06-08
A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the component Password Reset Handler. Such m…
- CVE-2026-11552MEDIUMCVSS 5.3EG 5.32026-06-08
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_us…
- CVE-2026-6597LOWCVSS 2.7EG 2.72026-04-20
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes un…
Map vulnerabilities like CWE-255 to your infrastructure
EchelonGraph correlates every CVE — across CWE-255 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →