
2877 matches found

OSV
added 2022/06/06 5:15 p.m. | 4 views

CVE-2022-31483

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contai...

8.8 CVSS | 7.6 AI score
Exploits: 0 | References: 1

OSV
added 2022/06/06 5:15 p.m. | 3 views

CVE-2022-31480

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

7.5 CVSS | 5.8 AI score | 0.00874 EPSS
Exploits: 0 | References: 1

NVD
added 2022/06/06 5:15 p.m. | 13 views

CVE-2022-31484

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...

7.5 CVSS | 0.0095 EPSS
Exploits: 0 | References: 1

NVD
added 2022/06/06 5:15 p.m. | 15 views

CVE-2022-31486

An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...

9 CVSS | 0.01217 EPSS
Exploits: 0 | References: 1

NVD
added 2022/06/06 5:15 p.m. | 15 views

CVE-2022-31480

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

7.5 CVSS | 0.00874 EPSS
Exploits: 0 | References: 1

NVD
added 2022/06/06 5:15 p.m. | 14 views

CVE-2022-31485

An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

5.3 CVSS | 0.00756 EPSS
Exploits: 0 | References: 1

NVD
added 2022/06/06 5:15 p.m. | 11 views

CVE-2022-31482

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...

7.8 CVSS | 0.0095 EPSS
Exploits: 0 | References: 1

NVD
added 2022/06/06 5:15 p.m. | 19 views

CVE-2022-31483

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contai...

9.1 CVSS | 0.01589 EPSS
Exploits: 0 | References: 1

OSV
added 2022/06/06 5:15 p.m. | 3 views

CVE-2022-31479

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...

9.8 CVSS | 5.8 AI score | 0.02269 EPSS
Exploits: 0 | References: 1

NVD
added 2022/06/06 5:15 p.m. | 15 views

CVE-2022-31479

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...

10 CVSS | 0.02269 EPSS
Exploits: 0 | References: 1

Prion
added 2022/06/06 5:15 p.m. | 17 views

Denial of service

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

5 CVSS | 8 AI score | 0.00874 EPSS
Exploits: 0 | References: 1 | Affected Software: 14

Prion
added 2022/06/06 5:15 p.m. | 16 views

Design/Logic Flaw

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...

10 CVSS | 9.7 AI score | 0.02269 EPSS
Exploits: 0 | References: 1 | Affected Software: 14

Prion
added 2022/06/06 5:15 p.m. | 14 views

Design/Logic Flaw

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...

5 CVSS | 8.1 AI score | 0.0095 EPSS
Exploits: 0 | References: 1 | Affected Software: 14

Prion
added 2022/06/06 5:15 p.m. | 12 views

Design/Logic Flaw

An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

5 CVSS | 6.3 AI score | 0.00756 EPSS
Exploits: 0 | References: 1 | Affected Software: 14

Prion
added 2022/06/06 5:15 p.m. | 12 views

Buffer overflow

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...

7.8 CVSS | 8 AI score | 0.0095 EPSS
Exploits: 0 | References: 1 | Affected Software: 14

Cvelist
added 2022/06/06 4:41 p.m. | 19 views

CVE-2022-31486 Command injection via Advanced Networking route add functionality

An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...

8.8 CVSS | 8.8 AI score | 0.01217 EPSS
Exploits: 0 | References: 1

CVE
added 2022/06/06 4:41 p.m. | 98 views

CVE-2022-31486

CVE-2022-31486 is an authenticated command-injection vulnerability in HID Mercury LNL-4420 panels (LenelS2) where an input in the hostname field of network.cgi can be used to execute shell commands after a valid session. The issue enables command execution on the device and, depending on the firm...

9 CVSS | 8.6 AI score | 0.01217 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/06/06 4:41 p.m. | 92 views

CVE-2022-31485

CVE-2022-31485 is listed in the provided Trellix disclosures as an unauthenticated information spoofing vulnerability affecting Mercury LNL-4420 panels (firmware up to 1.291). The connected documents do not provide concrete exploit steps, payloads, affected subcomponents, root cause details, or r...

5.3 CVSS | 5.6 AI score | 0.00756 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/06/06 4:41 p.m. | 20 views

CVE-2022-31485 Unauthenticated homepage note modification

An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

5.3 CVSS | 5.6 AI score | 0.00756 EPSS
Exploits: 0 | References: 1

Cvelist
added 2022/06/06 4:40 p.m. | 13 views

CVE-2022-31484 User Account Deletion Unauthenticated

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...

7.5 CVSS | 7.9 AI score | 0.0095 EPSS
Exploits: 0 | References: 1