CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

EUVD-2019-2074

Malware in sbrugna...

EUVD-2016-2557

Malware in sbrugna...

EUVD-2020-10232

Malware in sbrugna...

EUVD-2019-13478

Malware in sbrugna...

EUVD-2017-5692

Malware in sbrugna...

EUVD-2021-13511

Malware in sbrugna...

EUVD-2020-21412

Malware in sbrugna...

EUVD-2020-5097

Malware in sbrugna...

EUVD-2021-21400

Malware in sbrugna...

EUVD-2021-8253

Malicious code in bioql PyPI...

EUVD-2023-44315

Malicious code in bioql PyPI...

EUVD-2023-57943

Malicious code in bioql PyPI...

CVE-2025-26793

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

CVE-2020-18305

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges...

CVE-2021-20843

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted...

CVE-2021-20843

The CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: Cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...

CVE-2020-12814

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI...

Secomea GateManager Cross-Site Scripting Vulnerability

GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. The vulnerability stems from improper input validation. An attacker can exploit the vulnerability to execute arbitrary javascript code...

CVE-2017-12226

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E Wireless Switches, and Cisco New Generation Wireless Controllers NGWC 3850 could allow an authenticated, remote attacker to elevate...