Lucene search
K

255 matches found

Vulnrichment
Vulnrichment
added 2025/12/30 5:2 p.m.3 views

CVE-2025-15257 Edimax BR-6208AC Web-based Configuration formRoute command injection

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

7.5CVSS7.1AI score0.04442EPSS
Exploits1References4
Snyk
Snyk
added 2025/12/18 8:46 p.m.5 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute via the SetValue method in the CookieHelper class. The requireSSL...

6.9CVSS6.8AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 8:15 p.m.5 views

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS5.8AI score0.00162EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.4 views

CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS6.7AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52324

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A configuration issue in Kentico Xperience related to cookie security allows attackers to bypass SSL requirements when setting administration cookies through the web.config file. Th...

6.9CVSS6.6AI score0.00162EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/12 7:57 p.m.25 views

CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

8.8CVSS0.01393EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 7:57 p.m.7 views

CVE-2024-58314

CVE-2024-58314 affects Atcom 100M IP Phones firmware v2.7.x.x. An authenticated command-injection vulnerability exists in the web configuration CGI script, allowing execution of arbitrary system commands via the cmd parameter in web_cgi_main.cgi . This enables remote code execution with administr...

8.8CVSS8.7AI score0.01393EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 7:57 p.m.2 views

CVE-2024-58314 Atcom 2.7.x.x Authenticated Command Injection via Web Configuration CGI

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in webcgimain.cgi, enabling remot...

8.8CVSS8.7AI score0.01393EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

ATCOM 100M 操作系统命令注入漏洞

ATCOM 100M is an IP phone from ATCOM Greece. An operating system command injection vulnerability exists in ATCOM 100M version 2.7.x.x. The vulnerability stems from a command injection in the web configuration CGI script, which could lead to the execution of arbitrary system commands...

8.8CVSS7.6AI score0.01393EPSS
Exploits0References3
OSV
OSV
added 2025/12/10 7:16 p.m.6 views

CVE-2025-34429

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

7.1CVSS6.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : CUPS vulnerability (USN-7897-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7897-1 advisory. It was discovered that CUPS incorrectly handled input from users in the web configuration settings...

6.7CVSS6.3AI score0.00409EPSS
Exploits1References2
OSV
OSV
added 2025/12/02 1:15 p.m.5 views

CVE-2025-11779

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

9.8CVSS6.1AI score0.01334EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 12:57 p.m.13 views

CVE-2025-11779

CVE-2025-11779 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. A stack-based buffer overflow in the SetLan function is triggered when applying a new configuration via the management web interface (index.cgi). Un-sanitised configuration parameters can lead to command injection. Publicly referenced ...

9.8CVSS6.9AI score0.01334EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2025/11/28 12:0 a.m.7 views

Ubuntu: Security Advisory (USN-7897-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS6.5AI score0.00409EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2025/11/27 3:59 p.m.6 views

USN-7897-1: CUPS vulnerability

It was discovered that CUPS incorrectly handled input from users in the web configuration settings. An attacker could use this issue to insert malicious configuration options, causing a denial of service or possibly executing arbitrary code...

6.7CVSS5.5AI score0.00409EPSS
Exploits1
OSV
OSV
added 2025/11/27 3:59 p.m.5 views

USN-7897-1 cups vulnerability

It was discovered that CUPS incorrectly handled input from users in the web configuration settings. An attacker could use this issue to insert malicious configuration options, causing a denial of service or possibly executing arbitrary code...

6.7CVSS6.3AI score0.00409EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/21 2:36 a.m.4 views

EUVD-2025-198375

EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack...

9.8CVSS6.6AI score0.00413EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/28 12:15 p.m.9 views

CVE-2025-1036

Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...

8.7CVSS0.0109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/28 12:28 a.m.11 views

CVE-2025-52263

An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...

8CVSS7.4AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/28 12:0 a.m.19 views

CVE-2025-60805

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...

0.00328EPSS
Exploits0References3
Rows per page
Query Builder