CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/18 9:2 p.m.•2 views

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

8.6CVSS6.8AI score0.00039EPSS

CVE•added 2026/02/18 9:2 p.m.•13 views

CVE-2026-2670

Affected product/versions: Advantech WISE-6610 (1.2.1_20251110). Vulnerable component/file: /cgi-bin/luci/admin/openvpn_apply in the Background Management module. Root cause / condition: Manipulation of the argument delete_file enables an OS command injection. Impact: Remote execution possible wi...

8.6CVSS6.9AI score0.00039EPSS

Cvelist•added 2026/02/18 9:2 p.m.•19 views

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

8.6CVSS0.00039EPSS

CNNVD•added 2026/02/18 12:0 a.m.•2 views

Advantech WISE-6610 操作系统命令注入漏洞

8.6CVSS7.3AI score0.00039EPSS

Positive Technologies•added 2026/02/18 12:0 a.m.•3 views

PT-2026-20509

Name of the Vulnerable Software and Affected Versions Advantech WISE-6610 version 1.2.1 20251110 Description A flaw exists in Advantech WISE-6610 that allows remote execution of operating system commands. This is due to improper handling of the delete file argument within an unknown function of t...

8.6CVSS7.2AI score0.00039EPSS

Exploits2References8

GithubExploit•added 2026/01/12 10:1 a.m.•219 views

Exploit for CVE-2025-52694

CVE-2025-52694: Advantech SaaS Composer SQL Injection This re...

10CVSS8.8AI score0.12795EPSS

Exploits1

RedhatCVE•added 2026/01/09 10:17 a.m.•3 views

CVE-2019-18229

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information...

6.5CVSS7.9AI score0.00651EPSS

CNVD•added 2025/12/10 12:0 a.m.•1 views

Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097500)

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...

5.4CVSS6.2AI score0.00024EPSS

RedhatCVE•added 2025/12/06 5:54 p.m.•2 views

CVE-2025-34261

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...

CVE-2025-34263

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...

CVE-2025-34264

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

10CVSS7.8AI score0.00308EPSS

CVE-2025-34256

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote...