Lucene search

641 matches found

RedhatCVE
added 2025/05/22 3:31 a.m. | 6 views

CVE-2012-3025

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network...

CVSS 5 | AI score 6.5 | EPSS 0.01925
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 2:49 a.m. | 6 views

CVE-2012-4701

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature...

CVSS 9.3 | AI score 7.5 | EPSS 0.06367
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 1:41 a.m. | 7 views

CVE-2012-4027

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file...

CVSS 5 | AI score 6.9 | EPSS 0.02542
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/19 12:30 a.m. | 16 views

CVE-2025-25685

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...

CVSS 7.5 | AI score 6.9 | EPSS 0.00473
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/19 12:28 a.m. | 13 views

CVE-2025-25684

A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

CVSS 7.5 | AI score 7 | EPSS 0.00472
Exploits: 0 | References: 1
NVD
added 2025/03/17 5:15 p.m. | 12 views

CVE-2025-25684

A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

CVSS 7.5 | EPSS 0.00472
Exploits: 0 | References: 1
NVD
added 2025/03/17 5:15 p.m. | 9 views

CVE-2025-25685

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...

CVSS 7.5 | EPSS 0.00473
Exploits: 0 | References: 1
CVE
added 2025/03/17 12:0 a.m. | 58 views

CVE-2025-25684

CVE-2025-25684 affects GL.iNet Beryl AX GL-MT3000 (v4.7.0). A lack of validation in the /download path permits arbitrary file download from the device via a crafted POST request. Public references in the dataset confirm the vulnerability class as a path-traversal-like flaw enabling access to the ...

CVSS 7.5 | AI score 6.9 | EPSS 0.00472
Exploits: 0 | References: 1
CVE
added 2025/03/17 12:0 a.m. | 55 views

CVE-2025-25685

CVE-2025-25685 affects GL.iNet Beryl AX GL-MT3000 (v4.7.0). The issue allows attackers to download arbitrary files from the device’s filesystem by adding symbolic links on an external drive that is exposed as a Samba share. Root cause described is related to the handling of symbolic links on the ...

CVSS 7.5 | AI score 7 | EPSS 0.00473
Exploits: 0 | References: 1
CNNVD
added 2025/03/17 12:0 a.m. | 3 views

GL.iNet Beryl AX GL-MT3000 security vulnerability

GL.iNet Beryl AX GL-MT3000 is a portable WiFi 6 router from China's Guanglian Zhitong GL.iNet. It is used to provide network connectivity and supports 2.5G network ports and a variety of features. A security vulnerability exists in GL.iNet Beryl AX GL-MT3000 version v4.7.0, which stems from...

CVSS 7.5 | AI score 6.9 | EPSS 0.00473
Exploits: 0 | References: 2
Vulnrichment
added 2025/03/17 12:0 a.m. | 5 views

CVE-2025-25685

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...

AI score 7 | EPSS 0.00473
Exploits: 0 | References: 1
Cvelist
added 2025/03/17 12:0 a.m. | 13 views

CVE-2025-25684

A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

EPSS 0.00472
Exploits: 0 | References: 1
CNNVD
added 2025/03/17 12:0 a.m. | 3 views

GL.iNet Beryl AX GL-MT3000 security vulnerability

GL.iNet Beryl AX GL-MT3000 is a portable WiFi 6 router from China's Guanglian Zhitong GL.iNet. It is used to provide network connectivity and supports 2.5G network ports and a variety of features. A security vulnerability exists in GL.iNet Beryl AX GL-MT3000 version v4.7.0, which stems from...

CVSS 7.5 | AI score 6.8 | EPSS 0.00472
Exploits: 0 | References: 2
Cvelist
added 2025/03/17 12:0 a.m. | 13 views

CVE-2025-25685

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...

EPSS 0.00473
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/17 12:0 a.m. | 7 views

CVE-2025-25684

A lack of validation in the path parameter /download of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request...

AI score 6.5 | EPSS 0.00472
Exploits: 0 | References: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2022-1204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00385
Exploits: 1 | References: 2
CVE
added 2025/01/06 12:0 a.m. | 86 views

CVE-2024-54767

AVM FRITZ!Box 7530 AX (v7.59) is affected by an access control flaw in the /juis_boxinfo.xml endpoint that can disclose sensitive information without authentication. The issue appears to originate from improper access controls on the boxinfo endpoint, enabling unauthenticated information disclosu...

CVSS 7.5 | AI score 7.3 | EPSS 0.01772
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2024/11/14 8:13 a.m. | 5 views

Malicious code in ax-ntlm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb4f424aab2dcc6cf1cd2739c30f2b94d2137b9bc89a91aa17b8071ec23370a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2024/11/14 8:13 a.m. | 4 views

MAL-2024-10690 Malicious code in ax-ntlm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb4f424aab2dcc6cf1cd2739c30f2b94d2137b9bc89a91aa17b8071ec23370a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/11/13 12:1 p.m. | 3 views

Malicious code in ax-proxy-fix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 530cf2448f8a75d570e3dacd158740f4338e093c63aba432c8d875ca4e0219e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1