CVE-2025-66620

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...

CVE-2025-1449 Admin Shell Access Vulnerability in Rockwell Automation Verve Asset Manager

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory ADI capability deprecated since the 1.36 release allows users to change a variable with...

CVE-2024-3646

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

ORing Net IAP-420+ 安全漏洞

The ORing Net IAP-420+ is a wireless access point from China Power ORing. A security vulnerability exists in the ORing Net IAP-420+ version 2.0m, which stems from a telnet server that is enabled by default and cannot be permanently disabled, which can be used to connect to the device and obtain a...

Citrix SD-WAN 信任管理问题漏洞

Citrix SD-WAN is a networking product from Citrix, Inc. It virtualizes and optimizes enterprise site-to-site networks. A security vulnerability exists in Citrix SD-WAN that stems from hard-coded credentials that allow administrators to access the shell via the SD-WAN CLI...

PT-2020-13061 · Riverbed · Edgeconnect Appliance

Name of the Vulnerable Software and Affected Versions: EdgeConnect appliance affected versions not specified Description: The issue allows an admin user with shell access to retrieve IPSec UDP key material from both machine-to-machine interfaces and human-accessible interfaces. This material can...