Lucene search
K

1426 matches found

Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.10 views

PT-2026-7598

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2026/02/03 4:55 p.m.7 views

An AI plush toy exposed thousands of private chats with children

Bondu’s AI plush toy exposed a web console that let anyone with a Gmail account read about 50,000 private chats between children and their cuddly toys. Bondu's toy is marketed as: “A soft, cuddly toy powered by AI that can chat, teach, and play with your child.” What it doesn’t say is that anyone...

5.3AI score
Exploits0
OSV
OSV
added 2026/01/30 11:16 p.m.4 views

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

8.8CVSS6.4AI score0.0104EPSS
Exploits1References3
NVD
NVD
added 2026/01/30 11:16 p.m.10 views

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

8.8CVSS0.0104EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

8.8CVSS6.6AI score0.0104EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.7 views

CVE-2020-37032 Wing FTP Server 6.3.8 - Remote Code Execution

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

8.8CVSS6.5AI score0.0104EPSS
Exploits1References3
CVE
CVE
added 2026/01/30 10:7 p.m.18 views

CVE-2020-37032

Wing FTP Server 6.3.8 is affected by a remote code execution flaw in the Lua-based web console. The issue allows authenticated users to send crafted POST requests that trigger operating system commands via os.execute(), enabling arbitrary code execution on the server. Affected component: Lua-base...

8.8CVSS6.6AI score0.0104EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.35 views

CVE-2020-37032 Wing FTP Server 6.3.8 - Remote Code Execution

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

8.8CVSS0.0104EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.6 views

PT-2026-5473

Name of the Vulnerable Software and Affected Versions Wing FTP Server version 6.3.8 Description The software contains a remote code execution issue in its Lua-based web console. Authenticated users can execute system commands by sending malicious commands via POST requests. The os.execute functio...

8.8CVSS6.6AI score0.0104EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.6 views

Wing FTP Server: Operating System Command Injection Vulnerability

Wing FTP Server is an open-source, cross-platform FTP server software developed by Wing FTP Server. Version 6.3.8 of Wing FTP Server contains a vulnerability related to operating system command injection. This vulnerability stems from the command execution feature in the Lua-based Web console,...

8.8CVSS6AI score0.0104EPSS
Exploits1References3
Wired Threat Level
Wired Threat Level
added 2026/01/29 5:0 p.m.6 views

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account

AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/13 10:43 p.m.5 views

CVE-2026-0824

A flaw was found in QuestDB UI. A remote attacker could exploit a cross-site scripting XSS vulnerability by manipulating the Web Console component. This could allow the attacker to inject malicious scripts into web pages, potentially leading to information disclosure or arbitrary code execution i...

5.1CVSS6.3AI score0.00242EPSS
Exploits0References11
Snyk
Snyk
added 2026/01/10 3:31 p.m.4 views

Cross-site Scripting (XSS)

Overview @questdb/web-console is a QuestDB Web Console Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Web Console component. An attacker can inject and execute arbitrary scripts by submitting crafted input that is not properly sanitized. Details Cross-site...

5.1CVSS6AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2026/01/10 3:31 p.m.3 views

GHSA-XF94-H87H-G9WR QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

5.1CVSS5.5AI score0.00242EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/01/10 3:31 p.m.7 views

QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

5.1CVSS5.6AI score0.00242EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/01/10 2:32 p.m.5 views

CVE-2026-0824 questdb ui Web Console cross site scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

5.1CVSS4.2AI score0.00242EPSS
Exploits0References11
EUVD
EUVD
added 2026/01/10 2:32 p.m.6 views

EUVD-2026-1842

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

5.1CVSS3.4AI score0.00242EPSS
Exploits0References9
CVE
CVE
added 2026/01/10 2:32 p.m.17 views

CVE-2026-0824

CVE-2026-0824 affects QuestDB UI Web Console (up to version 1.11.9). The vulnerability is an XSS in an unknown Web Console function that can be exploited remotely. Public exploits are reported, and a fix is planned for QuestDB 9.3.0 with a patch identified as b42fd9f18476d844ae181a10a249e003dafb8...

5.1CVSS5.3AI score0.00242EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/01/10 2:32 p.m.3 views

CVE-2026-0824 questdb ui Web Console cross site scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

5.1CVSS5.3AI score0.00242EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/01/10 2:32 p.m.29 views

CVE-2026-0824 questdb ui Web Console cross site scripting

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...

5.1CVSS0.00242EPSS
Exploits0References9
Rows per page
Query Builder