PT-2026-25312

CVE-2025-13778 Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-… https://t.co/s08dPDmnD8...

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

CVE-2025-59968 Junos Space Security Director: Insufficient authorization for sensitive resources in web interface

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...

Pepperl+Fuchs ICDM-RX 跨站脚本漏洞

The Pepperl+Fuchs ICDM-RX is a series of gateway devices from Pepperl+Fuchs Germany. A cross-site scripting vulnerability exists in the Pepperl+Fuchs ICDM-RX. An attacker can exploit this vulnerability to inject malicious HTML code and gain low-privilege access on the affected device...

Pepperl+Fuchs ICDM-RX 跨站脚本漏洞

The Pepperl+Fuchs ICDM-RX is a series of gateway devices from Pepperl+Fuchs Germany. A cross-site scripting vulnerability exists in the Pepperl+Fuchs ICDM-RX. An attacker could exploit this vulnerability to obtain information from a user or reboot the affected device once...

CVE-2023-27917

OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 a...

CVE-2021-40517

Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access...

CVE-2021-40521

Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution...

CVE-2021-40519

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials...

CVE-2021-40519

Airangel HSMX Gateway devices prior to version 5.2.04 have hard-coded PostgreSQL database credentials embedded in the configuration file, according to multiple sources. This root cause allows an attacker to connect to the HSMX database over the network, potentially enabling unauthorized access to...

CVE-2021-22411

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service...

CVE-2021-0235

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to...

VulnCheck KEV: CVE-2019-19781

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution...

CVE-2017-17152

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE,...

Multiple Moxa Products Privilege Acquisition Vulnerabilities

Moxa OnCell G3100V2 and others are IP gateway products from Moxa. A privilege-acquisition vulnerability exists in multiple Moxa products, where the program fails to properly limit the number of authentication requests. A remote attacker could exploit this vulnerability by performing a brute force...

Code injection

flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 aka dnsmasq parameter...

Information Disclosure Vulnerability in Multiple Sierra Wireless Products

Sierra Wireless LS300, GX400/440/450 and ES440/450 running ALEOS is a set of application frameworks that run in the LS300, GX400/440/450 and ES440/450 gateway devices. Multiple Sierra Wireless filteredlogs.txt files are visible to unauthenticated users, allowing remote attackers to exploit the...

Juniper Networks Junos OS J-Web Embedthis Software AppWeb Denial of Service Vulnerability

Juniper Networks Junos on SRX Series devices is a network operating system that runs on SRX Series service gateway devices.J-Web is one of the network management tools.Embedthis Software AppWeb is an Embedthis Software Inc. Fast and compact web server. A security vulnerability in Embedthis Softwa...