Lucene search
+L

551 matches found

cve
cve
added 2026/02/24 4:30 p.m.70 views

CVE-2026-27589

Summary: CVE-2026-27589 affects Caddy prior to 2.11.1. The local admin API (default at 127.0.0.1:2019) exposes a state-changing POST /load that can replace the running configuration. If origin enforcement is not enabled, the admin endpoint accepts cross-origin requests and applies an attacker-sup...

8.2CVSS5.4AI score0.00166EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/02/17 3:16 p.m.12 views

CVE-2026-2616

A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the...

9.8CVSS5.1AI score0.01292EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/02/11 12:0 a.m.5 views

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

5.6AI score0.00263EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/02/07 7:22 a.m.8 views

CVE-2026-1978

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

7.5CVSS5.4AI score0.0036EPSS
Exploits0References1
nvd
nvd
added 2026/02/06 5:16 a.m.8 views

CVE-2026-1978

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

7.5CVSS0.0036EPSS
Exploits0References5
euvd
euvd
added 2026/02/06 4:2 a.m.11 views

EUVD-2026-5600

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

6.9CVSS5.4AI score0.0036EPSS
Exploits0References5
cve
cve
added 2026/02/06 4:2 a.m.23 views

CVE-2026-1978

CVE-2026-1978 affects kalyan02 NanoCMS up to version 0.4. The vulnerability is linked to an unknown functionality in the file /data/pagesdata.txt within the User Information Handler component. Manipulating this functionality can result in a direct request and allows remote initiation of the attac...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/02/06 4:2 a.m.6 views

CVE-2026-1978 kalyan02 NanoCMS User Information pagesdata.txt direct request

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

6.9CVSS5AI score0.0036EPSS
Exploits0References5
cvelist
cvelist
added 2026/02/06 4:2 a.m.32 views

CVE-2026-1978 kalyan02 NanoCMS User Information pagesdata.txt direct request

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

6.9CVSS0.0036EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/01/09 9:11 a.m.9 views

CVE-2022-35925

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was...

9.8CVSS7AI score0.01384EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/07 9:40 a.m.8 views

CVE-1999-0415

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration...

7.5CVSS7AI score0.01387EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:33 a.m.10 views

CVE-2019-16879

The Synergy Systems & Solutions SSS HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function CWE-306 vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or...

9.8CVSS6.8AI score0.0137EPSS
Exploits0References1
euvd
euvd
added 2025/12/28 9:30 p.m.5 views

EUVD-2025-205526

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

6.3CVSS6.2AI score0.00429EPSS
Exploits1References5
attackerkb
attackerkb
added 2025/12/28 8:32 p.m.4 views

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

6.3CVSS4.8AI score0.00429EPSS
Exploits1References4
cve
cve
added 2025/12/28 8:32 p.m.19 views

CVE-2025-15153

CVE-2025-15153 affects PbootCMS up to version 3.2.12, involving the SQLite Database component (file: /data/pbootcms.db). A misoperation in an unknown function within that file can permit remote manipulation that leads to access to files or directories. Exploitation is described as remotely execut...

6.3CVSS4.3AI score0.00429EPSS
Exploits1References4Affected Software1
osv
osv
added 2025/12/28 8:32 p.m.6 views

CVE-2025-15153 PbootCMS SQLite Database pbootcms.db file access

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

6.3CVSS5.2AI score0.00429EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/12/19 3:16 p.m.7 views

CVE-2025-65007

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

8.7CVSS7.5AI score0.00262EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/09 8:39 p.m.20 views

CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS

COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...

8.7CVSS0.00306EPSS
Exploits0References4
cve
cve
added 2025/12/09 8:39 p.m.15 views

CVE-2021-47709

CVE-2021-47709 (COMMAX Smart Home System) : An unauthenticated attacker can change configuration and trigger denial-of-service by sending a malformed request to the setconf endpoint. The impact is a network-accessible DoS with high severity (CVSS 4.0 base 8.7, AV:N/AC:L/PR:N/UI:N/VI:N/VC:N/VA:H/S...

8.7CVSS6.6AI score0.00306EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/09 8:9 a.m.5 views

CVE-2025-41747 Reflected XSS vulnerability in pxc_vlanIntfCfg.php

An XSS vulnerability in pxcvlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to...

7.1CVSS5.9AI score0.08549EPSS
Exploits0References1
Rows per page
Query Builder