551 matches found
CVE-2026-27589
Summary: CVE-2026-27589 affects Caddy prior to 2.11.1. The local admin API (default at 127.0.0.1:2019) exposes a state-changing POST /load that can replace the running configuration. If origin enforcement is not enabled, the admin endpoint accepts cross-origin requests and applies an attacker-sup...
CVE-2026-2616
A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the...
CVE-2025-65128
A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...
CVE-2026-1978
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
CVE-2026-1978
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
EUVD-2026-5600
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
CVE-2026-1978
CVE-2026-1978 affects kalyan02 NanoCMS up to version 0.4. The vulnerability is linked to an unknown functionality in the file /data/pagesdata.txt within the User Information Handler component. Manipulating this functionality can result in a direct request and allows remote initiation of the attac...
CVE-2026-1978 kalyan02 NanoCMS User Information pagesdata.txt direct request
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
CVE-2026-1978 kalyan02 NanoCMS User Information pagesdata.txt direct request
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
CVE-2022-35925
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was...
CVE-1999-0415
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration...
CVE-2019-16879
The Synergy Systems & Solutions SSS HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function CWE-306 vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or...
EUVD-2025-205526
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...
CVE-2025-15153
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...
CVE-2025-15153
CVE-2025-15153 affects PbootCMS up to version 3.2.12, involving the SQLite Database component (file: /data/pbootcms.db). A misoperation in an unknown function within that file can permit remote manipulation that leads to access to files or directories. Exploitation is described as remotely execut...
CVE-2025-15153 PbootCMS SQLite Database pbootcms.db file access
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...
CVE-2025-65007
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...
CVE-2021-47709 COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint...
CVE-2021-47709
CVE-2021-47709 (COMMAX Smart Home System) : An unauthenticated attacker can change configuration and trigger denial-of-service by sending a malformed request to the setconf endpoint. The impact is a network-accessible DoS with high severity (CVSS 4.0 base 8.7, AV:N/AC:L/PR:N/UI:N/VI:N/VC:N/VA:H/S...
CVE-2025-41747 Reflected XSS vulnerability in pxc_vlanIntfCfg.php
An XSS vulnerability in pxcvlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management WBM. The vulnerability does not provide access to...