24 matches found
CVE-2026-22095
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22103
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22096
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...
CVE-2026-22103 Command injection in NPC start web endpoint
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22103
CVE-2026-22103 : The NPC start endpoint on the web server listening at port 8090 is vulnerable to command injection. The public CVSS v4.0 metrics indicate a base score of 9.3 (CRITICAL) with network attack vector, low attack complexity, no privileges required, and no user interaction. Impacts are...
CVE-2026-22103 Command injection in NPC start web endpoint
The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22096 Missing authentication for webserver endpoints
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...
CVE-2026-22096 Missing authentication for webserver endpoints
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...
CVE-2026-22096
CVE-2026-22096 concerns a webserver running on port 8090 that does not require authentication, enabling sensitive information leakage (e.g., configured passwords) and file uploads via multiple endpoints. The Connected documents provide the same description across NVD and CVE records, with no vend...
CVE-2026-22095 Command injection in diagnosis web endpoint
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22095 Command injection in diagnosis web endpoint
The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...
CVE-2026-22095
The CVE-2026-22095 entry describes a command injection vulnerability in the network diagnosis endpoint of a web server listening on port 8090. Details from connected sources confirm the affected component is the diagnosis endpoint (web server) and that exploitation would allow command execution w...
PT-2026-57672
Name of the Vulnerable Software and Affected Versions EVbee DC-80 affected versions not specified Description The built-in web server running on port 8090 lacks authentication. This flaw allows unauthorized access to sensitive information, including configured passwords and stored credentials, an...
Exploit for Improper Input Validation in Alibaba Fastjson
Lab 6-CVE-2017-18349 I. SYSTEM ANALYSIS Attack S...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 A remote attacker can construct OGNL expressi...
Denial Of Service (DoS)
github.com/projectcontour/contour is vulnerable to denial of service DoS. The vulnerability exists as there is a lack of authentication to perform GET requests to the unsafe /shutdown endpoint on port 8090, allowing an attacke rto remove Envoy from the routing pool...
CVE-2020-15127
In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...
CVE-2019-18333
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs t...
CVE-2019-18334
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to...
Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44784)
The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. An information disclosure vulnerability exists in the Siemens SPPA-T3000. An attacker with network access to the application server could enumerate valid user names by sendi...