6554 matches found
CVE-2026-12948 Stored Cross-Site Scripting (XSS)
A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...
CVE-2026-12948
The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...
EUVD-2026-42048
A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...
PT-2026-56193
Name of the Vulnerable Software and Affected Versions Digi PortServer TS affected versions not specified Digi One SP affected versions not specified Digi One SP IA affected versions not specified Digi One IA affected versions not specified Description A stored cross-site scripting XSS issue exist...
ALSA-2026:36307 Moderate: freeipmi security update
The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client CVE-2026-50031 For more details about the...
Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0
Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...
ALSA-2026:36211 Moderate: freeipmi security update
The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client CVE-2026-50031 For more details about the...
EUVD-2026-41462
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 11.8 up to and including 11.12.4Update1, 12.0 up ...
PT-2026-55335
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.1 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the wgagent process. This flaw allows an authenticated privileged user to execute...
PT-2026-55334
Name of the Vulnerable Software and Affected Versions Fireware OS versions 12.1 through 12.12 Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write occurs in the ikestubd process, which may allow an authenticated privileged user to execute arbitrary code by sending special...
Vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway
Citrix has identified vulnerabilities in NetScaler ADC and NetScaler Gateway that are related to inadequate input validation, incorrect access control, and improper memory release. The vulnerabilities, identified as CVE-2026-8451 and CVE-2026-10817, arise from inadequate input validation, where t...
Progress Kemp LoadMaster - Command Injection
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...
CVE-2026-9105
An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...
CVE-2026-56256
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
EUVD-2026-38743
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
CVE-2026-56256 Capgo - Two-Factor Authentication Bypass via Organization Management API
Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...
CVE-2026-35019
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...
CVE-2026-35019 NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass
NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...
Security Advisory 0143
Security Advisory 0143 PDF Date: June 23, 2026 Revision | Date | Changes ---|---|--- 1.0 | Jun 23, 2026 | Initial release Description All of the CVEs covered in this advisory apply to affected platforms running Arista EOS with the Streaming Telemetry Agent aka TerminAttr enabled. This issue...
CVE-2026-48787
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...