Lucene search
K

1021 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/06 12:2 a.m.5 views

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...

4.8CVSS3.8AI score0.00223EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/02/04 5:16 p.m.6 views

CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

6.1CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/04 4:11 p.m.2 views

CVE-2026-20111 Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

4.8CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/31 12:30 a.m.9 views

EUVD-2026-5003

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...

4.8CVSS4.5AI score0.00223EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/29 6:32 p.m.42 views

CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...

6.5CVSS0.01936EPSS
Exploits1References6
CVE
CVE
added 2026/01/29 12:0 a.m.19 views

CVE-2025-69929

CVE-2025-69929 affects N3uron Web User Interface v1.21.7-240207.1047. The issue is a client-side password hashing flaw using MD5 over a predictable string format, enabling a remote attacker to escalate privileges. The CVE entry is marked with a critical base score (9.8) and a network attack vecto...

9.8CVSS6AI score0.00402EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.7 views

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability arises from certain web interface endpoints transmitting sensitive information via unencrypted HTTP traffic due to the lack of application layer...

6.5CVSS5.8AI score0.00068EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.10 views

HPE Aruba Networking Fabric Composer security vulnerabilities

HPE Aruba Networking Fabric Composer is a network orchestration software developed by the American company HPE. HPE Aruba Networking Fabric Composer has a security vulnerability, which stems from defects in its web-based management interface. This vulnerability could allow unauthenticated remote...

7.5CVSS5.8AI score0.00639EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.9 views

PT-2026-4992

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

7.5CVSS5.9AI score0.00639EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.6 views

CVE-2026-0782

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

8.8CVSS6.5AI score0.0148EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 4:16 a.m.4 views

CVE-2026-0783

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

8.8CVSS6.4AI score0.0148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 2:58 a.m.31 views

CVE-2026-0784 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

7.2CVSS0.0148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

TOTOLINK NR1800X 命令注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...

8.8CVSS6.8AI score0.02646EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/21 4:26 p.m.20 views

CVE-2026-20109 Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise Packaged CCE and Cisco Unified Contact Center Enterprise Unified CCE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-base...

4.8CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/01/21 4:26 p.m.21 views

CVE-2026-20055

Cisco CVE-2026-20055 affects the web-based management interfaces of Packaged CCE and Unified CCE. The issue is cross-site scripting (XSS) due to insufficient input validation in the interface pages. An authenticated attacker with administrative credentials could inject script code and potentially...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2026/01/19 11:15 a.m.7 views

CVE-2026-1150

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...

8.8CVSS0.0235EPSS
Exploits1References5
NVD
NVD
added 2026/01/15 5:16 p.m.8 views

CVE-2026-20047

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS0.00238EPSS
Exploits0References1
CVE
CVE
added 2026/01/15 4:32 p.m.18 views

CVE-2026-20075

CVE-2026-20075 affects Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces. The root cause is improper validation of user input, enabling a stored cross-site scripting (XSS) vulnerability in data fields. An authenticated, remote attacker with valid admin credentials could in...

4.8CVSS5.8AI score0.00221EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/15 4:32 p.m.6 views

CVE-2026-20076 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS5.7AI score0.00238EPSS
Exploits0References1
Cisco
Cisco
added 2026/01/15 4:0 p.m.11 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS6.1AI score0.00238EPSS
Exploits0References1
Rows per page
Query Builder