CVE-2023-53770

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...

CVE-2020-36895 EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

EUVD-2023-60182

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...

CVE-2023-53770 MiniDVBLinux 5.4 Unauthenticated Configuration Download via Backup Endpoint

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...

PT-2025-49248

Name of the Vulnerable Software and Affected Versions Fanvil x210 V2 version 2.12.20 Description A directory traversal issue exists in Fanvil x210 V2 version 2.12.20. An unauthenticated attacker on the local network can store files in arbitrary locations. This could potentially lead to modificati...

EUVD-2019-19377

Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/syssystemconfig management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. T...

CVE-2019-25227

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/systemconfigfile management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration...

CVE-2019-25227

Tellion HN-2204AP routers are affected by CVE-2019-25227 due to an unauthenticated disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without authentication or authorization, potentially expos...

CVE-2019-25227 Tellion HN-2204AP Unauthenticated Configuration Disclosure

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/systemconfigfile management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration...

CVE-2019-25227 Tellion HN-2204AP Unauthenticated Configuration Disclosure

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/systemconfigfile management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration...

CVE-2019-25226

Dongyoung Media DM-AP240T/W wireless access points are affected by an unauthenticated configuration disclosure through the /cgi-bin/sys_system_config endpoint, which allows remote retrieval of a compressed configuration archive without authentication. The exposed data may include administrative c...

CVE-2025-64758

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

CVE-2025-64758

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

GHSA-7XVH-C266-CFR5 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message

Description Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission can configure a "welcome message", which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not...

@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message

Description Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission can configure a "welcome message", which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not...

EUVD-2025-197853

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

CVE-2025-64758 @dependencytrack/frontend Vulnerable to Persistent Cross-Site-Scripting via Welcome Message

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

CVE-2025-64758

CVE-2025-64758 affects Dependency-Track frontend (SPA). From 4.12.0 up to before 4.13.6, administrators with SYSTEM_CONFIGURATION could configure a login-page welcome message that was not properly sanitized, allowing arbitrary JavaScript to execute in users’ browsers. The issue results in a persi...

CVE-2025-64758 @dependencytrack/frontend Vulnerable to Persistent Cross-Site-Scripting via Welcome Message

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

CVE-2025-60683

The CVE-2025-60683 entry concerns the TOTOLINK ToToLink A720R Router firmware (V4.1.5cu.614_B20230630). The sysconf binary’s sub_40BFA4 handling of network interface reinitialization from '/var/system/linux_vlan_reinit' concatenates unescaped input into shell commands after only partial validatio...