Lucene search
K

34 matches found

Vulnrichment
Vulnrichment
added 2026/06/04 9:26 a.m.6 views

CVE-2026-50224 Unauthenticated IPv6 WAN Management Exposure

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS5.8AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:5 p.m.6 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-23718

Name of the Vulnerable Software and Affected Versions Navtor NavBox affected versions not specified Description The software exposes sensitive configuration and operational data because of a lack of authentication on HTTP API endpoints. A remote attacker with network access can send HTTP GET...

7.5CVSS5.6AI score0.00505EPSS
Exploits0References5
NVD
NVD
added 2025/11/14 11:15 p.m.6 views

CVE-2021-4469

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

8.7CVSS0.00582EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/14 10:53 p.m.5 views

EUVD-2021-34716

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...

8.7CVSS6.5AI score0.00582EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-32197

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01004EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.4 views

The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...

9CVSS6.1AI score0.00525EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.6 views

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allo...

9CVSS6.1AI score0.00335EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.7 views

The vulnerability of the UnlockTraceLevelSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UnlockTraceLevelSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...

9CVSS6.1AI score0.0049EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.20 views

The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

9CVSS6.1AI score0.00525EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.10 views

The vulnerability of the GetSettings method in the software for controlling and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the GetSettings method in software for controlling and monitoring remote devices in telemetry and telemechanics systems related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security restrictions...

9CVSS6.2AI score0.00525EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.7 views

The vulnerability of the getUsers method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the getUsers method in software for managing and monitoring removed objects in telemetry and telemechanics systems related to the TeleControl Server Basic lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to...

9CVSS6.1AI score0.00604EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.5 views

The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a security intruder to read and write arbitrary files and execute arbitrary code.

The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

9CVSS6.1AI score0.0049EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/25 5:51 p.m.4 views

CVE-2025-32834

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to bypass authorization...

8.8CVSS7.8AI score0.00604EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.3 views

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.7CVSS5.8AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

CVE-2025-32862

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

8.7CVSS5.8AI score0.0049EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

CVE-2025-32850

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

8.7CVSS5.8AI score0.00525EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.2 views

CVE-2025-32849

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

8.7CVSS5.8AI score0.00525EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

CVE-2025-32835

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow an authenticated remote attacker to bypass authorization...

8.7CVSS5.8AI score0.00604EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

CVE-2025-32827

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

8.7CVSS5.8AI score0.00604EPSS
Exploits0References1
Rows per page
Query Builder