Lucene search
K

55265 matches found

Nuclei
Nuclei
added 18 hours ago186 views

Tenda 11N - Authentication Bypass

Tenda 11N with firmware version V5.07.33cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-42233 info: name: Tenda 11N -...

9.8CVSS7.2AI score0.42704EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago91 views

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. id: CVE-2021-20150 info: name: Trendnet AC2600 TEW-827DR...

5.3CVSS6.1AI score0.4006EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago47 views

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.4AI score0.02995EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago46 views

Zyxel ZyWall UAG/USG - Account Creation Access

Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks. id: CVE-2019-12583 info: name: Zyxel ZyWall UAG/USG - Account Creation...

9.1CVSS7.2AI score0.43926EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago43 views

WAVLINK WN533A8 - Improper Access Control

WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser; and thereby possibly obtain sensitive information, modify data, and/or execute...

7.5CVSS7.1AI score0.16583EPSS
Exploits4References5
Nuclei
Nuclei
added 18 hours ago7 views

Mitel 6000 - OS Command Injection

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

6.5CVSS7.3AI score0.47629EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago46 views

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

7.8CVSS7.1AI score0.17982EPSS
Exploits3
Nuclei
Nuclei
added 18 hours ago53 views

Cisco RV132W/RV134W Router - Information Disclosure

Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. id: CVE-2018-012...

9.8CVSS7.2AI score0.77605EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago83 views

Xiaomi Mi WiFi R3G Routers - Local file Inclusion

Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...

7.5CVSS7.1AI score0.55427EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago72 views

NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution

NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has ...

9.8CVSS7.8AI score0.57195EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago33 views

Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting

Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp login page. id: CVE-2018-10383 info: name: Lantronix SecureLinx Spider SLS 2.2+ - Cross-Site Scripting author: ritikchaddha severity: medium description: | Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp...

6.1CVSS6.4AI score0.01912EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago84 views

SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution

SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the systemlog.cgi page. id: CVE-2020-17456 info: name: SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution author: gy741,edoardottt severity: critical description: SEOWON INTECH...

9.8CVSS8AI score0.71691EPSS
Exploits8References5
Nuclei
Nuclei
added 18 hours ago75 views

Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. id: CVE-2020-35713 info: name: Belkin Linksys RE6500 1.0.012.001 - Remote Command Execution author: gy741 severity:...

10CVSS7.5AI score0.32704EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago18 views

TOTOLINK A3002RU 1.0.8 - Information Disclosure

TOTOLINK A3002RU firmware version 1.0.8 contains a vulnerability in which an unauthenticated attacker can obtain the plaintext admin password by making a GET request for password.htm. This allows remote attackers to gain administrative access without credentials. id: CVE-2018-13317 info: name:...

6.1CVSS6.5AI score0.00991EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago69 views

D-Link Routers - Local File Inclusion

D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /...

7.5CVSS7.2AI score0.39268EPSS
Exploits8References5
Nuclei
Nuclei
added 18 hours ago65 views

Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...

7.8CVSS6.1AI score0.28806EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago207 views

Honeywell PM43 Printers - Command Injection

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006 id:...

9.9CVSS7.2AI score0.33094EPSS
Exploits3References5
Nuclei
Nuclei
added 18 hours ago22 views

Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

9.8CVSS7.2AI score0.0293EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago18 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS5.9AI score0.02663EPSS
Exploits3References1
Nuclei
Nuclei
added 18 hours ago72 views

Wavlink WN-533A8 - Cross-Site Scripting

Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the loginpage parameter. id: CVE-2022-34048 info: name: Wavlink WN-533A8 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Wavlink WN-533A8 M33A8.V5030.190716 contains a...

6.1CVSS6.3AI score0.0509EPSS
Exploits4References5
Rows per page
Query Builder