CVE-2025-36088 IBM TS4500 cross-site scripting

IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

Multiple vulnerabilities in ELECOM wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-46267 OS command injection in WebGUI CWE-78 - CVE-2025-53472 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

CVE-2025-27022

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

CVE-2025-45424

Xinference prior to v1.4.0 has an authentication bypass in the Web GUI due to incorrect access control. This affects Xinference’s Web GUI exposure and could allow an unauthenticated user to access the interface. The issue is documented across multiple sources (e.g., Red Hat, NVD, OSV, and PT Secu...

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

PT-2025-27660 · Unknown · Xinference

Name of the Vulnerable Software and Affected Versions: Xinference versions prior to 1.4.0 Description: The issue is related to incorrect access control, allowing attackers to access the Web GUI without authentication. Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later ...

VulnCheck KEV: CVE-2025-26793

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials...

CVE-2022-39811

Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassin...

CVE-2021-20844

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive...

CVE-2021-42369

Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...

CVE-2013-1615

The management console aka Java console on the Symantec Security Information Manager SSIM appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls...

CVE-2018-7652

lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS...

CVE-2025-46617

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and...

CVE-2025-46617

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and...

CVE-2025-46616

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution RCE via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage...

Quantum StorNext Web GUI API 信任管理问题漏洞

The Quantum StorNext Web GUI API is a high-performance file sharing and data management interface from Quantum. A security vulnerability exists in the Quantum StorNext Web GUI API prior to version 7.2.4, which stems from possible access to internal configurations and modification of software...

CVE-2025-46617

The CVE-2025-46617 issue affects Quantum StorNext components: StorNext RYO, StorNext Xcellis Workflow Director, and ActiveScale Cold Storage, all prior to version 7.2.4. The vulnerability enables access to internal StorNext configuration and allows unauthorized modification of several software co...