Lucene search
K

1079 matches found

NVD
NVD
added 2026/02/11 6:16 p.m.7 views

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

8.1CVSS0.00263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.7 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS5.7AI score0.00244EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/05 1:55 p.m.29 views

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

5.1CVSS0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 1:55 p.m.6 views

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

5.1CVSS5.8AI score0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6556

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise Certified Container versions up to 12.19.0 Continuous Delivery IBM App Connect Enterprise Certified Container version 12.0 LTS Long Term Support Description The software may allow an attacker to access sensitive file...

5.1CVSS5.4AI score0.00148EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 10:59 p.m.15 views

CVE-2026-1632

The CVE affects MOMA Seismic Station, specifically versions v2.4.2520 and prior, where the web management interface is exposed without authentication. The root cause is missing access control on the web UI, enabling an unauthenticated attacker to modify configuration settings, exfiltrate device d...

9.3CVSS5.4AI score0.00474EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:59 p.m.2 views

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

9.3CVSS5.4AI score0.00474EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

RISS SRL MOMA Seismic Station 访问控制错误漏洞

RISS SRL MOMA Seismic Station is a specialized industrial control device for earthquake monitoring developed by the Italian company RISS SRL. Versions of RISS SRL MOMA Seismic Station prior to v2.4.2520 contained an access control vulnerability. This vulnerability stemmed from the lack of...

9.3CVSS5.8AI score0.00474EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/26 5:46 p.m.7 views

EUVD-2026-4672

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 lack cross-site request forgery CSRF protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered b...

5.1CVSS5.9AI score0.00108EPSS
Exploits0References2
CVE
CVE
added 2026/01/21 5:27 p.m.12 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 is affected by a CSRF vulnerability. An attacker can lure an authenticated administrator to a malicious page to modify SMTP configuration settings, potentially enabling unauthorized changes. The vulnerability is CSRF with no direct remote code execution ...

6.5CVSS5.8AI score0.00349EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/14 5:16 p.m.9 views

CVE-2025-37185

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 4:20 p.m.23 views

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 4:20 p.m.5 views

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS5.7AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.6 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

8.8CVSS6.8AI score0.0205EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:56 a.m.8 views

CVE-2018-4070

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send...

8.8CVSS6.5AI score0.18287EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.12 views

CVE-2020-12041

The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to netwo...

9.4CVSS6.5AI score0.01395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.9 views

CVE-2020-7300

Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...

6.3CVSS6.8AI score0.00595EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 12:17 p.m.6 views

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

3.3CVSS5.8AI score0.00082EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.11 views

CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...

4.3CVSS6.7AI score0.00651EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 7:5 a.m.12 views

CVE-2025-31963

Summary (CVE-2025-31963) : In HCL BigFix IVR version 4.2, the local setup interface component suffers from improper authentication and missing CSRF protection. This allows a local attacker to perform unauthorized configuration changes through unauthenticated administrative configuration requests....

3.3CVSS6.5AI score0.00082EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder