
91 matches found

RedhatCVE
added 2025/02/04 11:38 p.m. · 7 views

CVE-2024-40693

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing furth...

8 CVSS · 6.7 AI score · 0.00374 EPSS
Exploits 0 · References 1
NVD
added 2025/01/08 4:15 p.m. · 13 views

CVE-2025-20123

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based...

4.8 CVSS · 0.00256 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/12/17 12:0 a.m. · 11 views

CVE-2024-55514

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadsfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions...

6.8 AI score · 0.00222 EPSS
Exploits 0 · References 1
Cvelist
added 2024/05/06 6:36 a.m. · 27 views

CVE-2024-23188

Maliciously crafted e-mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's...

6.5 CVSS · 6.7 AI score · 0.00526 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/08/17 12:0 a.m. · 5 views

PT-2023-5856 · Supermicro · Supermicro X11Sse-F +1

Name of the Vulnerable Software and Affected Versions: Supermicro X11SSM-F version 1.66, Supermicro X11SAE-F version 1.66, Supermicro X11SSE-F version 1.66. Description: An issue exists in the web interface of Supermicro X11 series BMC IPMI servers due to inadequate protection of the web page...

8.3 CVSS · 5.7 AI score · 0.00563 EPSS
Exploits 0 · References 15
CVE
added 2023/06/07 7:50 p.m. · 363 views

CVE-2023-34237

SABnzbd (Usenet downloader) is affected by CVE-2023-34237 due to a design flaw in the Notification Script parameters that enables remote code execution with SABnzbd process privileges. Exploitation requires access to the web interface; remote access is possible if the instance is exposed to the i...

9.8 CVSS · 9.8 AI score · 0.01731 EPSS
Exploits 0 · References 5 · Affected Software 1
CNVD
added 2023/05/20 12:0 a.m. · 10 views

Cisco Smart Software Manager On-Prem SQL Injection Vulnerability

Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco component for Cisco product license management. Cisco Smart Software Manager On-Prem (SSM On-Prem) suffers from a SQL injection vulnerability that originates from the web-based management interface not adequately validating user input. An...

6.5 CVSS · 7.6 AI score · 0.01152 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/05/17 12:0 a.m. · 4 views

PT-2023-2828 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE), affected versions not specified. Description: The issue is related to multiple vulnerabilities in the Cisco Identity Services Engine (ISE) that could allow an authenticated attacker to delete or read arbitrary...

6.8 CVSS · 6.5 AI score · 0.00382 EPSS
Exploits 0 · References 6
Prion
added 2022/06/16 11:15 p.m. · 13 views

Default credentials

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...

4.3 CVSS · 6.6 AI score · 0.01811 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2022/03/10 5:42 p.m. · 17 views

CVE-2021-3660

Cockpit and its plugins do not seem to protect themselves against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

4.3 CVSS · 0.01212 EPSS
Exploits 0 · References 3
CNVD
added 2021/11/03 12:0 a.m. · 5 views

Fortinet FortiPortal Denial of Service Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability in the web interface of Fortinet FortiPortal prior to 6.0.6 with...

6.1 CVSS · 6.8 AI score · 0.00562 EPSS
Exploits 0 · References 1
CNNVD
added 2021/05/28 12:0 a.m. · 1 view

IBM Cognos Analytics Cross-Site Scripting Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...

5.4 CVSS · 8.4 AI score · 0.0096 EPSS
Exploits 0 · References 5
CNVD
added 2021/04/14 12:0 a.m. · 6 views

Grandstream GRP261x VoIP phone running firmware license issue vulnerability

The Grandstream GRP261x VoIP phone is a carrier-grade IP phone from Grandstream USA, designed for large-scale deployments. A security vulnerability exists in the Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 that allows authentication bypass in its administration web...

10 CVSS · 7.3 AI score · 0.01822 EPSS
Exploits 0 · References 1
CNVD
added 2021/01/21 12:0 a.m. · 4 views

Cisco Data Center Network Manager Reflective File Download Vulnerability

Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A reflective file download vulnerability exists in the Web management interface of...

6.5 CVSS · 7.3 AI score · 0.0094 EPSS
Exploits 0 · References 1
EUVD
added 2021/01/20 8:11 p.m. · 7 views

EUVD-2021-6605

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...

10 CVSS · 9.9 AI score · 0.04383 EPSS
Exploits 0 · References 1
OSV
added 2020/06/03 1:15 p.m. · 5 views

CVE-2020-7116

The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. An attacker who is already authenticated to the administrative interface could then exploit the system, leading to remote command execution in the underlying operating system...

7.2 CVSS · 7.2 AI score · 0.03325 EPSS
Exploits 0 · References 1
CVE
added 2020/01/06 9:16 p.m. · 153 views

CVE-2014-9405

CVE-2014-9405 is an XSS in Freebox OS Web interface 3.0.2. The vulnerability is in the description field of a Download RSS item or Contacts, allowing injected script when a user views the feed or imported VCARD content. Root cause: insufficient input filtering in the web interface; impact describ...

5.4 CVSS · 5.4 AI score · 0.01505 EPSS
Exploits 2 · References 4 · Affected Software 1
Tibco
added 2019/10/02 6:34 p.m. · 18 views

TIBCO Security Advisory: October 8, 2019 - TIBCO MDM

TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities Original release date: October 8, 2019 Last revised: CVE-2019-11212 Source: TIBCO Software Inc. TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities Original release date: October 8, 2019 Last revised: --- Source: TIBCO Software Inc. Systems...

3.5 CVSS · 6.3 AI score · 0.00684 EPSS
Exploits 0 · Affected Software 1
Cvelist
added 2019/05/16 1:10 a.m. · 30 views

CVE-2019-1822 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because t...

8.8 CVSS · 7 AI score · 0.04415 EPSS
Exploits 1 · References 2
Positive Technologies
added 2019/03/06 12:0 a.m. · 5 views

PT-2019-1583 · Cisco · Cisco Dna Center

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center versions prior to 1.2.5. Description: A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...

5.5 CVSS · 5.3 AI score · 0.00876 EPSS
Exploits 0 · References 5