Lucene search
K

4482 matches found

Nuclei
Nuclei
added yesterday25 views

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

5.3CVSS6.2AI score0.02703EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago117 views

Viessmann Vitogate 300 - Hardcoded Password

A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface. id: CVE-2023-5222 info: name: Viessmann Vitogate 300 - Hardcoded Password author: ritikchaddha severity: critical description: | A critica...

9.8CVSS6.7AI score0.74697EPSS
Exploits4References3
Nuclei
Nuclei
added 2 days ago84 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS6.9AI score0.88874EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago25 views

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

9.3CVSS6.2AI score0.74535EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago8 views

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...

8.5CVSS6.1AI score0.01409EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42048

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2026/06/30 7:16 a.m.7 views

CVE-2026-56808

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product...

8.6CVSS0.0155EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 6:0 a.m.5 views

EUVD-2026-40265

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 6:0 a.m.24 views

CVE-2026-56808

The CVE-2026-56808 entry concerns the DGM3103SCT device from AVTECH Security Corporation. The vulnerability is described as an OS command injection that can allow arbitrary command execution with root privileges by a user who can log in to the device’s web management console. The available connec...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 4:16 p.m.8 views

CVE-2026-9105

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...

6.8CVSS0.00554EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9CVSS7.3AI score0.01614EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11557

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS8.4AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11524

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be...

9CVSS8.3AI score0.00466EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 7:16 p.m.12 views

CVE-2026-11557

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS0.00476EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 6:16 p.m.14 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS0.00907EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 6:16 p.m.14 views

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9CVSS0.01614EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:15 p.m.10 views

CVE-2026-11557

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS8.4AI score0.00476EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 6:15 p.m.8 views

CVE-2026-11557 Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS8.4AI score0.00476EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 6:15 p.m.37 views

CVE-2026-11557 Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS0.00476EPSS
Exploits0References6
Rows per page
Query Builder