Lucene search
K

1147 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.10 views

CVE-2025-67888

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

6.1AI score0.01186EPSS
Exploits3References2
CVE
CVE
added 2026/05/08 12:0 a.m.51 views

CVE-2025-67888

Control Web Panel (CWP) before 0.9.8.1209 is affected by an unauthenticated OS command injection flaw. User input passed in the GET parameter “key” to /admin/index.php (when the “api” parameter is set) is not properly sanitized, allowing an attacker to inject and execute arbitrary commands with r...

7.3CVSS6.1AI score0.01186EPSS
Exploits3References3
NVD
NVD
added 2026/05/01 6:16 p.m.8 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1CVSS0.00354EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.4 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

5.9AI score0.00354EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.32 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

0.00354EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/01 12:0 a.m.6 views

EUVD-2025-209607

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1CVSS5.9AI score0.00354EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.6 views

PT-2026-36527

Name of the Vulnerable Software and Affected Versions GSVoIP web panel version 2.0.90 Description A Cross-Site Scripting XSS issue exists where the /painel/gateways.php/error endpoint fails to properly sanitize user-supplied input in the msg parameter. This allows a remote attacker to inject...

6.1CVSS5.9AI score0.00354EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.2 views

CVE-2025-69606

Cross-Site Scripting XSS vulnerability was discovered in the GSVoIP web panel version 2.0.90. The msg parameter in the /painel/gateways.php/error endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. A remote attacker ca...

6.1CVSS5.9AI score0.00354EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.12 views

Solutions VoIP GSVoIP web panel 跨站脚本漏洞

Solutions VoIP GSVoIP web panel is a VoIP management interface from Solutions VoIP. A cross-site scripting vulnerability in the Solutions VoIP GSVoIP web panel version 2.0.90, which stems from improperly cleaned user input for the msg parameter in the /painel/gateways.php/error endpoint, could le...

6.1CVSS5.8AI score0.00354EPSS
Exploits1References1
CVE
CVE
added 2026/05/01 12:0 a.m.15 views

CVE-2025-69606

GSVoIP Web Panel 2.0.90 is affected by an XSS in the msg parameter of /painel/gateways.php/error, where user input is not properly sanitized. Root cause: lack of input validation/encoding allows arbitrary JavaScript in HTML response, enabling client-side attacks (e.g., script execution, session h...

6.1CVSS5.9AI score0.00354EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/04/30 7:52 p.m.120 views

Exploit for CVE-2025-69606

CVE-2025-69606 — Reflected XSS in GSVoIP Web Panel Severi...

5.9AI score0.00354EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.3 views

PT-2026-30044

Name of the Vulnerable Software and Affected Versions Control Web Panel affected versions not specified Description A remote code execution issue exists in Control Web Panel. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.5AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.7 views

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

8.1CVSS6AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 9:16 p.m.11 views

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

8.1CVSS0.00261EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

OpenCode Systems OC Messaging / USSD Gateway OC 安全漏洞

OpenCode Systems OC Messaging/USSD Gateway OC is a telecommunications operator messaging gateway system developed by OpenCode Company in the UK. Version 6.32.2 of OpenCode Systems OC Messaging/USSD Gateway OC contains a security vulnerability. This vulnerability stems from access control flaws in...

8.1CVSS5.9AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 12:0 a.m.5 views

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

5.9AI score0.00261EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/01/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

9.8CVSS6.5AI score0.03146EPSS
In wildExploits3References5
Saint
Saint
added 2026/01/21 12:0 a.m.120 views

Control Web Panel key parameter command injection

Added: 01/21/2026 Background Control Web Panel is a web hosting panel for Linux. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

6AI score
Exploits0
Saint
Saint
added 2026/01/21 12:0 a.m.115 views

Control Web Panel key parameter command injection

Added: 01/21/2026 Background Control Web Panel is a web hosting panel for Linux. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

6.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/01/16 6:49 p.m.29 views

Metasploit Wrap-Up 01/16/2026

Persistence, dMSA Abuse & RCE Goodies This week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly appreciated. This week’s modules and improvements in Metasploit Framework range from new modules, such as dMSA Abuse...

9.9CVSS7.5AI score0.97875EPSS
Exploits35
Rows per page
Query Builder