Lucene search
K

4976 matches found

Nuclei
Nuclei
added 8 hours ago11 views

VMware NSX SD-WAN Edge - Command Injection

VMware NSX SD-WAN Edge formerly VeloCloud Edge before 3.1.2 contains an unauthenticated command injection in the local web UI diagnostic tools Ping/Traceroute. This template detects it reliably by injecting 'id', 'whoami', and a random marker. id: CVE-2018-6961 info: name: VMware NSX SD-WAN Edge ...

8.1CVSS7AI score0.86431EPSS
Exploits6References3
Nuclei
Nuclei
added 8 hours ago66 views

Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

10CVSS7.1AI score0.80635EPSS
Exploits3References5
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42722

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
CVE
CVE
added 4 days ago10 views

CVE-2026-59223

Open WebUI vulnerability CVE-2026-59223 affects the WEB_FETCH_FILTER_LIST logic prior to 0.10.0, allowing path-based blocklist bypasses (e.g., !internal.example.com in a URL path) and misalignment with hostname policy for sibling-domain matches. The issue is fixed in version 0.10.0. Impact is a p...

4.3CVSS6AI score0.00223EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 12:31 a.m.7 views

EUVD-2026-41454

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to an...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 12:16 a.m.9 views

CVE-2026-13371

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...

6.9CVSS0.0031EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13384

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to an...

8.6CVSS0.00546EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:8 p.m.28 views

CVE-2026-13050

Summary (CVE-2026-13050): An out-of-bounds write in WatchGuard Fireware OS is exposed via the networkd component. An authenticated privileged user can trigger arbitrary code execution by sending specially crafted requests to the Management Web UI. Affected: Fireware OS versions 11.8 (through 11.1...

8.6CVSS6.1AI score0.00439EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:8 p.m.10 views

CVE-2026-13050

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 11.8 up to and including 11.12.4Update1, 12.0 up ...

8.6CVSS6.1AI score0.00439EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:8 p.m.43 views

CVE-2026-13050 WatchGuard Firebox networkd Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 11.8 up to and including 11.12.4Update1, 12.0 up ...

8.6CVSS0.00439EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:7 p.m.11 views

CVE-2026-13054

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1...

8.6CVSS5.9AI score0.00459EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:7 p.m.42 views

CVE-2026-13054 WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1...

8.6CVSS0.00459EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:5 p.m.22 views

CVE-2026-13384

CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent. An authenticated privileged user could remotely execute arbitrary code via specially crafted requests to the Management Web UI. Affected: Fireware OS 12.1–12.12 and 2025.1–2026.2. CVSS details indicate netwo...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:5 p.m.10 views

CVE-2026-13383

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to a...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:4 p.m.31 views

CVE-2026-13371 WatchGuard Firebox Management Web UI Denial of Service via Unsafe Deserialization

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...

6.9CVSS0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55324

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A path traversal issue in the Management Web UI allows a privileg...

8.6CVSS6AI score0.00459EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55322

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.8 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the networkd process. This...

8.6CVSS6.3AI score0.00439EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/30 8:22 p.m.7 views

EUVD-2025-210382

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54170

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the WebUI allows a remote attacker to leak cross-origin data through malicious network traffic. Cross-origin data leakage occurs when a...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
Rows per page
Query Builder