255 matches found

NVD
added 2025/08/19 6:15 p.m., 8 views

CVE-2025-9151

A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...

6.5 CVSS, 0.0026 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/08/19 12:00 a.m., 4 views

ThriveX-Blog security vulnerability

ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog 3.1.7 and earlier versions, which originates from an improper authorization issue in the function updateJsonValueByName in the file /webconfig/json/name/web...

6.5 CVSS, 6.8 AI score, 0.0026 EPSS
Exploits: 0, References: 6

BDU FSTEC
added 2025/06/10 12:00 a.m., 5 views

The vulnerability of the formSetSafeWanWebMan() function (/goform/SetRemoteWebCfg) in the Tenda AC15 router software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formSetSafeWanWebMan function /goform/SetRemoteWebCfg in the Tenda AC15 router software exists because the operation is performed outside the buffer in memory when processing the remoteIp parameter. Exploiting this vulnerability could allow a malicious actor to compromise...

9 CVSS, 7.9 AI score, 0.00776 EPSS
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2025/06/09 12:31 a.m., 13 views

CVE-2025-5853 Tenda AC6 SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow

A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely...

9 CVSS, 9 AI score, 0.04805 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/05/23 5:52 a.m., 3 views

CVE-2023-22452

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

6.5 CVSS, 6.8 AI score, 0.00548 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:47 a.m., 13 views

CVE-2023-4462

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...

5.9 CVSS, 6.8 AI score, 0.0092 EPSS
Exploits: 2

RedhatCVE
added 2025/05/23 4:39 a.m., 8 views

CVE-2023-0432

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the...

9 CVSS, 7.6 AI score, 0.01142 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:37 a.m., 9 views

CVE-2023-35835

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...

9.8 CVSS, 7.4 AI score, 0.00508 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:15 p.m., 7 views

CVE-2020-13124

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system...

8.8 CVSS, 7.9 AI score, 0.04626 EPSS
Exploits: 0

RedhatCVE
added 2025/05/22 4:03 p.m., 9 views

CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...

7.2 CVSS, 8.4 AI score, 0.03871 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 3:16 p.m., 5 views

CVE-2020-18229

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgcopyright" of component "/admin/webconfig.php"...

4.8 CVSS, 6.8 AI score, 0.00932 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 10:06 a.m., 15 views

CVE-2019-13523

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network...

5.3 CVSS, 7.3 AI score, 0.0183 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:28 a.m., 6 views

CVE-2019-13923

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for ...

9.6 CVSS, 6 AI score, 0.0112 EPSS
Exploits: 0, References: 1

NVD
added 2025/03/11 2:15 p.m., 15 views

CVE-2025-22370

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

5.3 CVSS, 0.00392 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/03/11 1:40 p.m., 4 views

CVE-2025-22370 Mennekes smart/premium charges systems, SQL Injection in web configuration interface

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

5.3 CVSS, 8 AI score, 0.00392 EPSS
Exploits: 0, References: 3

CNNVD
added 2024/07/28 12:00 a.m., 3 views

TOTOLINK A3000Ru security vulnerability

The TOTOLINK A3000RU is a home wireless router. The TOTOLINK A3000RU suffers from a hard-coded password vulnerability that originates from the use of hard-coded passwords in the /webcste/cgi-bin/product.ini file. An attacker can exploit the vulnerability by using a hard-coded password to access t...

8.8 CVSS, 6.9 AI score, 0.00747 EPSS
Exploits: 1, References: 5

NVD
added 2024/06/14 5:15 a.m., 20 views

CVE-2024-3498

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...

7.8 CVSS, 0.00322 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2024/06/14 4:20 a.m., 23 views

CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...

7.8 CVSS, 7.4 AI score, 0.00322 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/06/14 4:20 a.m., 22 views

CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...

7.8 CVSS, 0.00322 EPSS
Exploits: 0, References: 3

CVE
added 2024/06/14 4:20 a.m., 52 views

CVE-2024-3498

Summary of CVE-2024-3498: Affects Toshiba e-STUDIO/Tec MFPs where an improper permission assignment enables attackers who can access the device to enable certain web-configured services and elevate privileges to root, potentially allowing arbitrary code execution. The issue is tied to multiple r...

7.8 CVSS, 7.8 AI score, 0.00322 EPSS
Exploits: 0, References: 3