Lucene search
K

24 matches found

EUVD
EUVD
added 2026/03/07 3:30 a.m.4 views

EUVD-2026-10092

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

9.3CVSS6.5AI score0.02999EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/07 3:30 a.m.7 views

EUVD-2026-10094

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

8.6CVSS5.8AI score0.00495EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/07 3:30 a.m.6 views

EUVD-2026-10093

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References3
OSV
OSV
added 2026/03/07 1:15 a.m.9 views

CVE-2026-25073

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

5.4CVSS5.8AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2026/03/07 1:15 a.m.11 views

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

9.8CVSS5.8AI score0.00495EPSS
Exploits0References2
NVD
NVD
added 2026/03/07 1:15 a.m.3 views

CVE-2026-25071

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

8.7CVSS0.00512EPSS
Exploits0References2
NVD
NVD
added 2026/03/07 1:15 a.m.4 views

CVE-2026-25073

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

5.4CVSS0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/03/07 1:15 a.m.4 views

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

9.8CVSS0.00495EPSS
Exploits0References2
NVD
NVD
added 2026/03/07 1:15 a.m.21 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

9.8CVSS0.02999EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 12:20 a.m.3 views

CVE-2026-25073 XikeStor SKS8310-8X Stored XSS via System Name

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...

5.1CVSS5.9AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 12:20 a.m.2 views

CVE-2026-25072 XikeStor SKS8310-8X Predictable Session Identifiers

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

8.6CVSS5.8AI score0.00495EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/07 12:20 a.m.35 views

CVE-2026-25072 XikeStor SKS8310-8X Predictable Session Identifiers

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

8.6CVSS0.00495EPSS
Exploits0References2
CVE
CVE
added 2026/03/07 12:20 a.m.22 views

CVE-2026-25072

The CVE-2026-25072 issue affects XikeStor SKS8310-8X Network Switch firmware versions prior to 1.04.B07. The vulnerability resides in the /goform/SetLogin endpoint, where sessions can be hijacked due to predictable session identifiers caused by insufficiently random cookie values and exposure of ...

9.8CVSS5.8AI score0.00495EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/07 12:20 a.m.12 views

CVE-2026-25071

CVE-2026-25071 affects XikeStor SKS8310-8X network switch firmware version 1.04.B07 and earlier. The vulnerability is a missing authentication on the /switch_config.src endpoint, allowing unauthenticated remote attackers to download device configuration files, potentially exposing sensitive VLAN ...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/07 12:20 a.m.2 views

CVE-2026-25071

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/07 12:20 a.m.27 views

CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

9.3CVSS0.02999EPSS
Exploits0References2
CVE
CVE
added 2026/03/07 12:20 a.m.12 views

CVE-2026-25070

The CVE-2026-25070 vulnerability affects XikeStor SKS8310-8X Network Switch firmware

9.8CVSS6.5AI score0.02999EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

XikeStor SKS8310-8X 跨站脚本漏洞

The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. Versions of XikeStor SKS8310-8X starting from 1.04.B07 and earlier have a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability in the System Name field,...

5.4CVSS5.7AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.6 views

PT-2026-23784

Name of the Vulnerable Software and Affected Versions XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07 Description The XikeStor SKS8310-8X Network Switch firmware contains a stored cross-site scripting issue. Authenticated attackers can inject arbitrary script content through the...

5.4CVSS5.8AI score0.00188EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.9 views

XikeStor SKS8310-8X 操作系统命令注入漏洞

The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. Versions of XikeStor SKS8310-8X prior to 1.04.B07 contain a vulnerability related to operating system command injection. This vulnerability stems from the PingTestSet endpoint in the/goform/ directory, which allows fo...

9.8CVSS6.2AI score0.02999EPSS
Exploits0References3
Rows per page
Query Builder