CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.3CVSS6.2AI score0.00025EPSS

Advantech WebAccess/VPN StandaloneVpnClientsController.addStandaloneVpnClientAction function cross-site scripting vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

6.5CVSS8.4AI score0.0003EPSS

Advantech WebAccess/VPN AjaxStandaloneVpnClientsController.ajaxAction function SQL injection vulnerability

6.5CVSS8.5AI score0.0003EPSS

Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability

8.6CVSS8.4AI score0.0003EPSS

Advantech WebAccess/VPN AjaxNetworkController.ajaxAction Function SQL Injection Vulnerability

6.5CVSS7.6AI score0.0003EPSS

CVE-2025-34245

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

RedhatCVE•added 2025/11/07 7:58 p.m.•2 views

CVE-2025-34241

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS7.6AI score0.0003EPSS

6.2CVSS6AI score0.00028EPSS

CVE-2025-34236

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via NetworksController.addNetworkAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...

6.5CVSS7.6AI score0.0003EPSS

CVE-2025-34244

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

RedhatCVE•added 2025/11/07 7:58 p.m.•2 views

CVE-2025-34237

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

6.3CVSS6AI score0.00025EPSS

6.5CVSS7.6AI score0.00034EPSS

CVE-2025-34247

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

OSV•added 2025/11/06 8:15 p.m.•2 views

CVE-2025-34247

6.5CVSS5.8AI score0.00034EPSS

OSV•added 2025/11/06 8:15 p.m.•0 views

CVE-2025-34241

6.5CVSS5.8AI score0.0003EPSS

NVD•added 2025/11/06 8:15 p.m.•2 views

CVE-2025-34246

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS0.00031EPSS

OSV•added 2025/11/06 8:15 p.m.•1 views

CVE-2025-34246

6.5CVSS5.8AI score

NVD•added 2025/11/06 8:15 p.m.•1 views

CVE-2025-34242

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS0.0003EPSS

OSV•added 2025/11/06 8:15 p.m.•2 views

CVE-2025-34242

6.5CVSS5.8AI score

OSV•added 2025/11/06 8:15 p.m.•0 views

CVE-2025-34237

5.4CVSS5.9AI score

OSV•added 2025/11/06 8:15 p.m.•1 views

CVE-2025-34239

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

7.2CVSS6AI score0.00175EPSS

NVD•added 2025/11/06 8:15 p.m.•1 views

CVE-2025-34240

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS0.0003EPSS