
89 matches found

NVD
added 6 days ago · 7 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

CVSS 8.6 · EPSS 0.00217
Exploits 0 · References 1

CVE
added 6 days ago · 9 views

CVE-2025-41268

CVE-2025-41268 affects Waterfall WF-500 TX/RX Hosts (Administration WebUI) running version 7.9.1.0 R2502171040. The issue is a CWE-23 Relative Path Traversal in the Admin WebUI that could allow remote unauthenticated attackers to delete arbitrary files on the host machines. Connected sources conf...

CVSS 9.1 · AI score 6 · EPSS 0.0084
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2026/03/02 5:39 p.m. · 1 view

EUVD-2026-9216

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...

CVSS 8.5 · AI score 6.1 · EPSS 0.00066
Exploits 0 · References 4

Positive Technologies
added 2026/01/26 12:0 a.m. · 2 views

PT-2026-4791

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVSS 7.1 · AI score 5.9 · EPSS 0.00011
Exploits 0 · References 3

Cvelist
added 2025/10/29 12:0 a.m. · 3 views

CVE-2024-45161

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...

EPSS 0.00019
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-4046

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00421
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-59276

Malicious code in bioql PyPI...

CVSS 5 · AI score 4.9 · EPSS 0.00158
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-31052

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.4 · EPSS 0.00403
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-34707

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.2 · EPSS 0.01054
Exploits 4 · References 1

Vulnrichment
added 2025/09/09 8:29 p.m. · 1 view

CVE-2025-54083 Calix GigaCenter ONT firmware - Sensitive Information Disclosure

Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT Quantenna SoC modules allows admin access to the web interface. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE...

CVSS 5.1 · AI score 6.3 · EPSS 0.00032
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 8:16 a.m. · 1 view

CVE-2024-36439

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...

CVSS 9.4 · AI score 5.9 · EPSS 0.0058
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 5:9 p.m. · 7 views

CVE-2020-8243

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution...

CVSS 7.2 · AI score 7 · EPSS 0.124
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 5:6 p.m. · 2 views

CVE-2020-11704

An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...

CVSS 6.1 · AI score 6.8 · EPSS 0.00421
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 4:51 p.m. · 7 views

CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to craft a URI to perform an arbitrary code execution via the admin web interface...

CVSS 7.2 · AI score 7.6 · EPSS 0.91101
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 3:42 p.m. · 6 views

CVE-2020-8260

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction...

CVSS 7.2 · AI score 7.1 · EPSS 0.73032
Exploits 4 · References 1

NVD
added 2024/11/14 10:15 a.m. · 9 views

CVE-2024-5917

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...

CVSS 4.9 · EPSS 0.00228
Exploits 0 · References 1

Cvelist
added 2024/11/14 9:39 a.m. · 13 views

CVE-2024-5917 PAN-OS: Server-Side Request Forgery in WildFire

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...

CVSS 2.1 · EPSS 0.00228
Exploits 0 · References 1

Cvelist
added 2024/10/15 8:57 a.m. · 15 views

CVE-2024-47943 Improper signature verification of firmware upgrade files

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

EPSS 0.00208
Exploits 0 · References 2

Vulnrichment
added 2024/10/15 8:57 a.m. · 8 views

CVE-2024-47943 Improper signature verification of firmware upgrade files

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...

AI score 7.7 · EPSS 0.00208
Exploits 0 · References 2

Positive Technologies
added 2024/10/15 12:0 a.m. · 3 views

PT-2024-32905 · Rittal · IoT Interface & CMC III Processing Unit

Name of the Vulnerable Software and Affected Versions: Rittal IoT Interface & CMC III Processing Unit (affected versions not specified)
Description: The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are...

CVSS 9.8 · AI score 7.6 · EPSS 0.00208
Exploits 0 · References 8