CVE-2024-12013

A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform...

CVE-2025-24499

A vulnerability has been identified in SCALANCE WAB762-1 6GK5762-1AJ00-6AA0 All versions V3.0.0, SCALANCE WAM763-1 6GK5763-1AL00-7DA0 All versions V3.0.0, SCALANCE WAM763-1 ME 6GK5763-1AL00-7DC0 All versions V3.0.0, SCALANCE WAM763-1 US 6GK5763-1AL00-7DB0 All versions V3.0.0, SCALANCE WAM766-1...

CVE-2025-0109

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...

CVE-2025-0109 PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...

CVE-2025-24499

A vulnerability has been identified in SCALANCE WAB762-1 6GK5762-1AJ00-6AA0 All versions V3.0.0, SCALANCE WAM763-1 6GK5763-1AL00-7DA0 All versions V3.0.0, SCALANCE WAM763-1 ME 6GK5763-1AL00-7DC0 All versions V3.0.0, SCALANCE WAM763-1 US 6GK5763-1AL00-7DB0 All versions V3.0.0, SCALANCE WAM766-1...

SolarWinds Kiwi Syslog Server NG 安全漏洞

SolarWinds Kiwi Syslog Server NG is an application from SolarWinds USA. A security vulnerability exists in SolarWinds Kiwi Syslog Server NG versions prior to 1.3.1, which stems from the fact that sensitive data may be exposed to unprivileged users in configuration files...

PT-2025-6203 · Siemens · Scalance Wam766-1 +4

Name of the Vulnerable Software and Affected Versions: SCALANCE WAB762-1 versions prior to V3.0.0 SCALANCE WAM763-1 versions prior to V3.0.0 SCALANCE WAM763-1 ME versions prior to V3.0.0 SCALANCE WAM763-1 US versions prior to V3.0.0 SCALANCE WAM766-1 versions prior to V3.0.0 SCALANCE WAM766-1 ME...

CVE-2025-20184

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid...

CVE-2021-22648

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file...

CVE-2022-41776

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrativ...

CVE-2022-41629

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as...

CVE-2022-2653

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file i...

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVE-2020-10632

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner...

CVE-2024-12398

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00ACLE.3 and WBE660S firmware versions through 6.70ACGG.2 could allow an authenticated user with limited privileges to escalate their privileges to that of an...

CVE-2024-29211

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files...

CVE-2024-29019

ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 command line installation are vulnerable to Cross-Site Request Forgery CSRF allowing remote attackers to carry out attacks against a logged...

CVE-2024-42022

An incorrect permission assignment vulnerability allows an attacker to modify product configuration files...

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2025-1104)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-8539

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files...