141 matches found

RedhatCVE
added 2025/05/23 9:35 a.m. · 6 views

CVE-2024-22639

iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface...

CVSS 6.1 · AI score 6.2 · EPSS 0.00411
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 8:6 a.m. · 4 views

CVE-2024-22387

External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher...

CVSS 6.8 · AI score 6.5 · EPSS 0.00289
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:41 a.m. · 4 views

CVE-2024-55514

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadsfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions...

CVSS 6.3 · AI score 6.8 · EPSS 0.00218
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:56 a.m. · 9 views

CVE-2023-34659

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface...

CVSS 9.8 · AI score 7.8 · EPSS 0.11153
Exploits: 1

RedhatCVE
added 2025/05/23 1:46 a.m. · 4 views

CVE-2023-20206

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...

CVSS 6.1 · AI score 6 · EPSS 0.00405
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:34 p.m. · 6 views

CVE-2021-32793

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added ...

CVSS 5.7 · AI score 5.9 · EPSS 0.00791
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:44 p.m. · 8 views

CVE-2014-9727

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...

CVSS 10 · AI score 7.9 · EPSS 0.71642
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 10:3 a.m. · 4 views

CVE-2019-17506

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password and other information via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZEDGROUP=1%0a to getcfg.php...

CVSS 10 · AI score 9.5 · EPSS 0.57298
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:19 a.m. · 3 views

CVE-2019-17224

The web interface of the Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of th...

CVSS 5.3 · AI score 6.8 · EPSS 0.01227
Exploits: 1 · References: 1

CVE
added 2025/05/21 11:40 a.m. · 49 views

CVE-2025-48414

CVE-2025-48414 affects eCharge Hardy Barth cPH2 / cPP2 charging stations. Connected sources describe hard-coded credentials in the web interface scripts, granting access to admin/debug functionality and increasing attack surface. Public details confirm the issue but do not provide a confirmed pat...

CVSS 6.5 · AI score 6.6 · EPSS 0.00303
Exploits: 1 · References: 2

Positive Technologies
added 2025/05/13 12:0 a.m. · 4 views

PT-2025-20861 · Siemens +1 · Ruggedcom Rox Mx5000 +9

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 versions prior to V2.16.5; RUGGEDCOM ROX MX5000RE versions prior to V2.16.5; RUGGEDCOM ROX RX1400 versions prior to V2.16.5; RUGGEDCOM ROX RX1500 versions prior to V2.16.5; RUGGEDCOM ROX RX1501 versions prior to V2.16.5...

CVSS 9.9 · AI score 7.7 · EPSS 0.01168
Exploits: 0 · References: 8

Positive Technologies
added 2025/05/12 12:0 a.m. · 8 views

PT-2025-20739 · Digi · Digi One Iap +4

Name of the Vulnerable Software and Affected Versions: Digi PortServer TS versions prior to and including 82000747 AA, build date 06/17/2022; Digi One SP/Digi One SP IA/Digi One IA versions prior to and including 82000774 Z, build date 10/19/2020; Digi One IAP versions prior to and including 820007...

CVSS 9.4 · AI score 6.7 · EPSS 0.00268
Exploits: 0 · References: 7

NVD
added 2025/04/22 6:15 p.m. · 4 views

CVE-2025-32788

OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential...

CVSS 4.3 · EPSS 0.00214
Exploits: 0 · References: 2

NVD
added 2025/04/08 9:15 a.m. · 14 views

CVE-2024-41795

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device...

CVSS 6.9 · EPSS 0.00188
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15390 · Senron · Senron 7Kt Pac1260 Data Manager

Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager All versions. Description: A path traversal vulnerability has been identified in the web interface of affected devices. This could allow an unauthenticated attacker to access arbitrary files on the device with...

CVSS 9.2 · AI score 6.5 · EPSS 0.005
Exploits: 0 · References: 6

Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15394 · Unknown · Senron 7Kt Pac1260 Data Manager

Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager all versions. Description: A security issue has been identified where the web interface of affected devices allows changing the login password without knowing the current password. In combination with a prepared...

CVSS 7.8 · AI score 6.5 · EPSS 0.00331
Exploits: 0 · References: 4

Cvelist
added 2025/03/31 12:0 a.m. · 9 views

CVE-2024-54806

Netgear WNR854T 1.5.2 (North America) is vulnerable to arbitrary command execution in cmd.cgi, which allows for the execution of system commands via the web interface...

EPSS 0.00869
Exploits: 1 · References: 1

RedhatCVE
added 2025/03/19 1:17 p.m. · 8 views

CVE-2021-26087

An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a...

CVSS 4.3 · AI score 5.8 · EPSS 0.00291
Exploits: 0

RedhatCVE
added 2025/03/14 8:58 a.m. · 4 views

CVE-2025-22370

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

CVSS 5.3 · AI score 8.3 · EPSS 0.00392
Exploits: 0 · References: 5

Palo Alto Networks
added 2025/03/12 4:0 p.m. · 14 views

PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI

A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly...

CVSS 5.6 · AI score 6.6 · EPSS 0.00176
Exploits: 0 · References: 1