235 matches found
EUVD-2025-22544
Malicious code in bioql PyPI...
CVE-2025-9269
A Server-Side Request Forgery SSRF vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerabili...
CVE-2025-9269
A Server-Side Request Forgery SSRF vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerabili...
CVE-2025-9269 Server-Side Request Forgery (SSRF) vulnerability found in embedded web server
A Server-Side Request Forgery SSRF vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerabili...
CVE-2025-9269
Lexmark devices with the embedded web server are affected by CVE-2025-9269 (SSRF). The vulnerability allows an attacker to coerce the device into issuing arbitrary HTTP requests to a third-party server, potentially enabling internal network access or data disclosure. CVSSv4 base score 6.9 (networ...
PT-2025-36901
Name of the Vulnerable Software and Affected Versions: Lexmark devices affected versions not specified Description: A Server-Side Request Forgery SSRF vulnerability exists in the embedded web server of Lexmark devices. An attacker can exploit this issue to make the device send an arbitrary HTTP...
Netgear SPH200D 安全漏洞
The Netgear SPH200D is a wireless Internet phone from Netgear USA. The Netgear SPH200D suffers from a directory traversal vulnerability that can be exploited by an attacker to view arbitrary files on the system by sending a crafted URL request...
EmbedThis GoAhead 跨站脚本漏洞
EmbedThis GoAhead is an embedded web server software from EmbedThis, Inc. A cross-site scripting vulnerability exists in EmbedThis GoAhead version 2.5, which stems from HTML injection of the name parameter...
CVE-2025-6260 Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset us...
CVE-2025-6260
CVE-2025-6260 affects Network Thermostat X-Series WiFi Thermostats: the embedded web server can be reached unauthenticated over LAN or via Internet-exposed router, enabling an attacker to reset user credentials by manipulating the web interface. The exact vulnerable versions are not specified in ...
The vulnerability of the formLanSetupRouterSettings() function in D-Link DIR-513 router microprogramming software, a built-in web server, allows a hacker to cause a service failure.
The vulnerability of the formLanSetupRouterSettings function in the embedded web server of D-Link’s DIR-513 router software is related to the issue where data is written out of the buffer into memory when processing the curTime parameter. Exploiting this vulnerability could allow a remote attacke...
Network Thermostat X-Series WiFi thermostats 访问控制错误漏洞
Network Thermostat X-Series WiFi thermostats is a WiFi only thermostat from Network Thermostat, Inc. An access control error vulnerability exists in Network Thermostat X-Series WiFi thermostats that stems from an embedded web server that allows an unauthorized attacker to reset user credentials b...
The vulnerability in the embedded web server microprogramming software of TOTOLINK A3002R, A3002RU, A702R, and EX1200T routers allows a hacker to induce a service failure.
The vulnerability in the embedded web server microprogramming software of TOTOLINK A3002R, A3002RU, A702R, and EX1200T routers is related to the issue of the operation exceeding the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious actor t...
CVE-2019-6326
HP Color LaserJet Pro M280-M281 Multifunction Printer series before v. 20190419, HP LaserJet Pro MFP M28-M31 Printer series before v. 20190426 may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow...
CVE-2019-6325
HP Color LaserJet Pro M280-M281 Multifunction Printer series before v. 20190419, HP LaserJet Pro MFP M28-M31 Printer series before v. 20190426 may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery...
CVE-2019-6324
HP Color LaserJet Pro M280-M281 Multifunction Printer series before v. 20190419, HP LaserJet Pro MFP M28-M31 Printer series before v. 20190426 may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page...
CVE-2019-19773
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content=TE935=en=ENUS...
CVE-2019-19772
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content=TE935=en=ENUS...
CVE-2025-36535
The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality...
CVE-2025-36535
CVE-2025-36535 affects AutomationDirect MB-Gateway. The embedded web server lacks authentication/access controls, allowing unrestricted remote access that could enable configuration changes, operational disruption, or arbitrary code execution depending on exposure. Public sources (NVD, CVE listin...