1021 matches found
CVE-2026-1971
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...
CVE-2026-20123
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...
CVE-2026-20111 Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This vulnerability exists because the web-based management...
EUVD-2026-5003
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...
CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
CVE-2025-69929
CVE-2025-69929 affects N3uron Web User Interface v1.21.7-240207.1047. The issue is a client-side password hashing flaw using MD5 over a predictable string format, enabling a remote attacker to escalate privileges. The CVE entry is marked with a critical base score (9.8) and a network attack vecto...
TP-Link VX800v security vulnerability
The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability arises from certain web interface endpoints transmitting sensitive information via unencrypted HTTP traffic due to the lack of application layer...
HPE Aruba Networking Fabric Composer security vulnerabilities
HPE Aruba Networking Fabric Composer is a network orchestration software developed by the American company HPE. HPE Aruba Networking Fabric Composer has a security vulnerability, which stems from defects in its web-based management interface. This vulnerability could allow unauthenticated remote...
PT-2026-4992
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...
CVE-2026-0782
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0783
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-0784 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
TOTOLINK NR1800X 命令注入漏洞
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...
CVE-2026-20109 Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerability
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise Packaged CCE and Cisco Unified Contact Center Enterprise Unified CCE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-base...
CVE-2026-20055
Cisco CVE-2026-20055 affects the web-based management interfaces of Packaged CCE and Unified CCE. The issue is cross-site scripting (XSS) due to insufficient input validation in the interface pages. An authenticated attacker with administrative credentials could inject script code and potentially...
CVE-2026-1150
A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely...
CVE-2026-20047
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
CVE-2026-20075
CVE-2026-20075 affects Cisco EPNM and Cisco Prime Infrastructure web-based management interfaces. The root cause is improper validation of user input, enabling a stored cross-site scripting (XSS) vulnerability in data fields. An authenticated, remote attacker with valid admin credentials could in...
CVE-2026-20076 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...