Lucene search
K

368 matches found

EUVD
EUVD
added 2026/03/08 12:31 a.m.5 views

EUVD-2026-10194

A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mitlinktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

9CVSS6.4AI score0.00594EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.8 views

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8CVSS6.6AI score0.01897EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 6:31 p.m.7 views

EUVD-2019-19720

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...

8.8CVSS6AI score0.00408EPSS
Exploits1References4
CVE
CVE
added 2026/02/27 12:58 a.m.20 views

CVE-2026-25196

CVE-2026-25196 is an OS command injection affecting XWEB Pro before 1.12.1. An authenticated attacker can achieve remote code execution by supplying malicious input in the Wi‑Fi SSID and/or password fields during configuration processing. Multiple sources (Red Hat, NVD, EUVD, CVE records) describ...

8.8CVSS6.3AI score0.01897EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/27 12:55 a.m.23 views

CVE-2026-25721 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

8CVSS0.01897EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.10 views

PT-2026-20529

iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/17 12:0 a.m.3 views

CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

5.4AI score0.00152EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-20268

Name of the Vulnerable Software and Affected Versions lty628 aidigu version 1.9.1 Description The software is susceptible to a Cross Site Scripting XSS issue. This affects the /tools/Password/add page, specifically within the password input field. Successful exploitation could allow an attacker t...

7.1CVSS5.3AI score0.00152EPSS
Exploits0References7
NVD
NVD
added 2026/02/12 11:16 p.m.8 views

CVE-2019-25340

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

7.5CVSS0.00422EPSS
Exploits1References3
OSV
OSV
added 2026/02/12 11:16 p.m.4 views

CVE-2019-25340

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

7.5CVSS5.8AI score0.00422EPSS
Exploits1References3
NVD
NVD
added 2026/02/12 11:16 p.m.4 views

CVE-2019-25339

GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices...

7.5CVSS0.00282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.5 views

CVE-2019-25340

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

7.5CVSS5.5AI score0.00422EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.3 views

CVE-2019-25340 SpotAuditor 5.3.2 - 'Base64' Denial Of Service

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

7.5CVSS5.6AI score0.00422EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/12 10:48 p.m.8 views

EUVD-2019-19412

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

7.5CVSS5.6AI score0.00422EPSS
Exploits1References3
CVE
CVE
added 2026/02/12 10:48 p.m.16 views

CVE-2019-25340

SpotAuditor 5.3.2 contains a denial of service in the Base64 decryption feature. An attacker can crash the application by supplying a malformed input file consisting of 2000 repeated characters, which triggers a crash when pasted into the Base64 Encrypted Password field. The CVSS metrics indicate...

7.5CVSS5.6AI score0.00422EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/12 10:48 p.m.25 views

CVE-2019-25339 GHIA CamIP 1.2 for iOS - 'Password' Denial of Service

GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices...

7.5CVSS0.00282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:48 p.m.6 views

CVE-2019-25339

GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices...

7.5CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.6 views

CVE-2019-25339 GHIA CamIP 1.2 for iOS - 'Password' Denial of Service

GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices...

7.5CVSS5.8AI score0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/11 2:56 p.m.4 views

CVE-2019-25311 thesystem Persistent XSS

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...

6.4CVSS5.5AI score0.00204EPSS
Exploits1References3
CVE
CVE
added 2026/02/11 2:56 p.m.12 views

CVE-2019-25311

The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...

6.4CVSS5.5AI score0.00204EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder