569 matches found
CVE-2025-30512 Growatt Cloud portal External Control of System or Configuration Setting
Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely e.g., on/off...
PT-2025-16500
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue allows unauthenticated attackers to send configuration settings to a device and possibly perform physical actions remotely, such as turning the device on or off. Recommendations At t...
CVE-2025-28403
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...
CVE-2025-28403
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...
Webmin < 2.100 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability exists in the Users Real name parameter. - A Cross-Site Scripting XSS vulnerability exists in...
CVE-2025-2651
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...
CVE-2025-2651
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...
CVE-2025-2652
CVE-2025-2652 concerns SourceCodester’s Employee and Visitor Gate Pass Logging System 1.0 , where an unspecified functionality allows information exposure via directory listing. The vulnerability can be exploited remotely; multiple sub-directories are affected, and an exploit has been disclosed p...
CVE-2025-2652 SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information through directory listing. The attack can be launched...
CVE-2025-2651 SourceCodester Online Eyewear Shop admin exposure of information through directory listing
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...
CVE-2025-2651
CVE-2025-2651 affects SourceCodester Online Eyewear Shop 1.0, with exposure of information via directory listing in an unknown function under /oews/admin/. The attack is described as remotely executable and affects multiple sub-directories. Connected sources consistently state a directory listing...
MGASA-2025-0105 Updated tomcat packages fix security vulnerabilities
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...
CVE-2024-5462
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...
CVE-2025-1341
A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The...
CVE-2024-5462 Brocade Fabric OS may capture SNMP Passwords in clear text
If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...
CVE-2024-12535
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...
BIT-SUPERSET-2023-49657 Apache Superset: Stored XSS in Dashboard Title and Chart Title
A stored cross-site scripting XSS vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...
CVE-2024-5732
A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public...
CVE-2024-42456
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...
CVE-2024-11630
A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely...