38 matches found
PT-2026-25003
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...
PT-2025-51915
Name of the Vulnerable Software and Affected Versions HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower Description A flaw exists in the way the software handles path-relative stylesheet imports. This could allow for the execution of malicious code within specific web pages...
CVE-2025-65287
An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...
EUVD-2019-3798
Malware in sbrugna...
EUVD-2016-6909
Malware in sbrugna...
EUVD-2016-6910
Malware in sbrugna...
EUVD-2022-36777
Malicious code in bioql PyPI...
EUVD-2023-50564
Malicious code in bioql PyPI...
EUVD-2025-28571
Malicious code in bioql PyPI...
ARD GEC en Ligne 安全漏洞
ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from insufficient validation of transactionID parameter input validation and output encoding, which could lead to cross-site scripting attacks...
CVE-2025-10546
Vulnerability: CVE-2025-10546 affects PPC 2K15X Router. Root cause: improper input validation of CGI parameters in the web management portal. Impact: remote attacker can inject JavaScript to achieve reflected XSS on the target system. Exploitation status: described as remote/network-based, with u...
Tenda AC6 V5.0 web portal authentication unencrypted transmission of credentials vulnerability
Talos Vulnerability Report TALOS-2025-2162 Tenda AC6 V5.0 web portal authentication unencrypted transmission of credentials vulnerability August 20, 2025 CVE Number CVE-2025-27564 SUMMARY A unencrypted transmission of credentials vulnerability exists in the web portal authentication functionality...
CVE-2025-54862
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie...
CVE-2025-54862 Santesoft Sante PACS Server Cross-site Scripting
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie...
PT-2025-33703 · Unknown · Sante Pacs Server
Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: Sante PACS Server web portal is susceptible to stored cross-site scripting. An attacker can inject malicious HTML code, potentially redirecting a user to a malicious webpage and...
CVE-2025-4635
CVE-2025-4635 affects the jct-aq Airpointer 2D device (diagnostics module) and is described as a remote code execution via manipulation of the Diagnostics module by a user with administrative privileges. The Red Hat and NVD entries corroborate that an attacker with high privileges in the web port...
PT-2025-23271 · Unknown · Airpointer
Name of the Vulnerable Software and Affected Versions: airpointer version 2.4.107-2 Description: The web portal on airpointer presented a local file inclusion issue. A malicious user with administrative privileges in the web portal could manipulate requests to view files on the filesystem...
CVE-2024-26155
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...
CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting XSS vulnerability in the switch group function under /ilang=DE=csmartenergyswgroups in the web...
CVE-2022-27969
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers...