Lucene search

1014 matches found

CVE
added 2026/03/17 9:42 p.m. | 14 views

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...

CVSS 6.5 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/17 9:42 p.m. | 23 views

CVE-2026-32839 Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

CVSS 5.1 | EPSS 0.00208
Exploits: 0 | References: 3

OSV
added 2026/03/15 5:55 a.m. | 2 views

OESA-2026-1571 NetworkManager security update

NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is intended to replace default routes, obtain IP addresses from a DHC...

CVSS 3.3 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/11 6:23 p.m. | 2 views

CVE-2019-25465

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and netwo...

CVSS 8.7 | AI score 5.8 | EPSS 0.00502
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/03/11 6:23 p.m. | 6 views

CVE-2019-25465

CVE-2019-25465 affects HiSilicon HiIpcam V100R003. A directory traversal in the cgi-bin getadslattr.cgi endpoint allows unauthenticated remote access to sensitive configuration files, exposing ADSL credentials and network configuration parameters (including usernames, passwords, DNS settings). Re...

CVSS 8.7 | AI score 5.8 | EPSS 0.00502
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/11 6:23 p.m. | 1 views

CVE-2019-25465 Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and netwo...

CVSS 8.7 | AI score 5.8 | EPSS 0.00502
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/07 7:59 a.m. | 5 views

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVSS 9.4 | AI score 5.8 | EPSS 0.00665
Exploits: 0 | References: 1

NVD
added 2026/03/06 8:16 a.m. | 12 views

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVSS 9.4 | EPSS 0.00665
Exploits: 0 | References: 6

Vulnrichment
added 2026/03/06 7:54 a.m. | 5 views

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVSS 9.4 | AI score 5.8 | EPSS 0.00665
Exploits: 0 | References: 6

Cvelist
added 2026/03/06 7:54 a.m. | 36 views

CVE-2026-2330

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...

CVSS 9.4 | EPSS 0.00665
Exploits: 0 | References: 6

NVD
added 2026/02/25 5:25 p.m. | 5 views

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication a...

CVSS 10 | EPSS 0.57793
Exploits: 9 | References: 2

CVE
added 2026/02/25 4:14 p.m. | 298 views

CVE-2026-20127

CVE-2026-20127 concerns a vulnerability in the peering authentication of Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). The flaw allows an unauthenticated, remote attacker to bypass authentication and obtain administrative pr...

CVSS 10 | AI score 8.5 | EPSS 0.57793
In wild | Exploits: 9 | References: 2 | Affected Software: 3

Cisco
added 2026/02/25 4:0 p.m. | 14 views

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication a...

CVSS 10 | AI score 8.5 | EPSS 0.57793
Exploits: 9 | References: 1

Positive Technologies
added 2026/02/25 12:0 a.m. | 10 views

PT-2026-21954

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Controller (affected versions not specified); Cisco Catalyst SD-WAN Manager (affected versions not specified); Cisco Catalyst SD-WAN Validator (affected versions not specified). Description: A flaw in the peering authentication...

CVSS 10 | AI score 7.6 | EPSS 0.57793
Exploits: 9 | References: 348

Vulnrichment
added 2026/02/18 8:59 p.m. | 3 views

CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...

CVSS 6.1 | AI score 5.6 | EPSS 0.00242
Exploits: 1 | References: 4

Cvelist
added 2026/02/02 5:58 p.m. | 29 views

CVE-2026-22229 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and Deco BE25 v1.0

A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...

CVSS 8.6 | EPSS 0.01887
Exploits: 0 | References: 7

Cvelist
added 2026/01/26 7:58 p.m. | 25 views

CVE-2025-9615 Networkmanager: networkmanager file access

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

CVSS 3.3 | EPSS 0.00162
Exploits: 0 | References: 7

ATTACKERKB
added 2026/01/26 7:58 p.m. | 3 views

CVE-2025-9615

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

CVSS 3.3 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 8

RedhatCVE
added 2026/01/14 6:22 p.m. | 5 views

CVE-2025-37165

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets...

CVSS 7.5 | AI score 7 | EPSS 0.00343
Exploits: 0 | References: 1

CVE
added 2026/01/13 5:40 p.m. | 7 views

CVE-2025-37165

CVE-2025-37165 concerns HPE Instant On Access Points. The issue is in router mode configuration that could disclose internal network configuration details to unintended interfaces by inspecting impacted packets. Affected component: router mode configuration; root cause: misconfiguration allowing ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00343
Exploits: 0 | References: 1