Lucene search
K

361 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40436

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.5CVSS5.5AI score0.00191EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2026/05/29 4:23 p.m.29 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

6.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-36984

Name of the Vulnerable Software and Affected Versions PaperCut Hive Ricoh embedded application affected versions not specified Description An issue exists where the application records administrative credentials in plain text within log files when the "Deep Logging" diagnostic mode is enabled. An...

5.9CVSS5.8AI score0.00242EPSS
Exploits0References4
NVD
NVD
added 2026/04/30 3:16 p.m.6 views

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

7.5CVSS0.00323EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.35 views

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

0.00323EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/04/13 6:31 a.m.2 views

CVE-2026-40436 ZTE ZXEDM iEMS product has a password reset vulnerability

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 6:18 p.m.7 views

CVE-2025-69615

Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03...

9.1CVSS0.0045EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.9 views

Deutsche Telekom Account Management Portal 安全漏洞

The Deutsche Telekom Account Management Portal is an online portal system used by Deutsche Telekom in Germany for managing user accounts and configuring services. Versions of the Deutsche Telekom Account Management Portal prior to version 2025-10-24 contained security vulnerabilities. These...

9.1CVSS5.8AI score0.0045EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 12:0 a.m.13 views

CVE-2025-69614

CVE-2025-69614 affects Deutsche Telekom AG Telekom Account Management Portal (versions prior to 2025-10-27). Root cause: Incorrect Access Control via activation token reuse on the password-reset endpoint, enabling unauthorized password resets and potential full account takeover. Impact is rated C...

9.4CVSS5.8AI score0.00389EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 7:51 a.m.6 views

CVE-2026-28769

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

6.5CVSS6.1AI score0.0064EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 9:31 a.m.8 views

EUVD-2026-9364

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

5.3CVSS6.1AI score0.0064EPSS
Exploits1References2
NVD
NVD
added 2026/03/04 7:16 a.m.15 views

CVE-2026-28769

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

6.5CVSS0.0064EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/04 7:2 a.m.4 views

CVE-2026-28769 LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumeration On IDC Satellite Receiver Web Management Interface Version 101

A path traversal vulnerability exists in the /IDCLogging/checkifdone.cgi script in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the file parameter to traverse directories and enumerate...

5.3CVSS6.1AI score0.0064EPSS
Exploits1References1
NVD
NVD
added 2026/02/23 6:25 p.m.3 views

CVE-2026-26464

Stored Cross-Site Scripting XSS was found in the /admin/edituser.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST...

6.1CVSS0.00248EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/23 12:0 a.m.4 views

CVE-2026-26464

Stored Cross-Site Scripting XSS was found in the /admin/edituser.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST...

6.1AI score0.00248EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.5 views

CVE-2023-45352

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This...

8.8CVSS7.7AI score0.00811EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.7 views

CVE-2023-45354

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589...

8.8CVSS7.8AI score0.00904EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.11 views

CVE-2020-24592

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization...

5.3CVSS6.5AI score0.0087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:48 a.m.8 views

CVE-2020-24594

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...

9.6CVSS7.9AI score0.01713EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.8 views

CVE-2019-7593

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal SMP...

9.1CVSS6.8AI score0.0082EPSS
Exploits0References1
Rows per page
Query Builder