Lucene search
K

2561 matches found

Nuclei
Nuclei
added 12 hours ago66 views

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

5.3CVSS6.2AI score0.02703EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago26 views

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

9.3CVSS6.2AI score0.74535EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago9 views

EUVD-2025-210451

An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...

7.5CVSS6.1AI score0.00565EPSS
Exploits1References3
NVD
NVD
added 3 days ago5 views

CVE-2025-70796

An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...

7.5CVSS0.00565EPSS
Exploits1References2
Nuclei
Nuclei
added 6 days ago85 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS6.9AI score0.88874EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42048

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-12948 Stored Cross-Site Scripting (XSS)

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
NOZOMI
NOZOMI
added 6 days ago4 views

Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...

6.9CVSS6AI score0.00235EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56193

Name of the Vulnerable Software and Affected Versions Digi PortServer TS affected versions not specified Digi One SP affected versions not specified Digi One SP IA affected versions not specified Digi One IA affected versions not specified Description A stored cross-site scripting XSS issue exist...

4.8CVSS6.1AI score0.00269EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 4:16 p.m.8 views

CVE-2026-9105

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...

6.8CVSS0.00554EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9CVSS7.3AI score0.01614EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11557

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS8.4AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11524

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow. The attack may be...

9CVSS8.3AI score0.00466EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 6:16 p.m.14 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS0.00907EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 6:16 p.m.14 views

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9CVSS0.01614EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:15 p.m.10 views

CVE-2026-11557

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS8.4AI score0.00476EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/08 6:15 p.m.39 views

CVE-2026-11557 Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS0.00476EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 6:15 p.m.29 views

CVE-2026-11557

The CVE-2026-11557 entry describes a vulnerability in Tenda F451 firmware (versions 1.0.0.7/1.0.0.9) affecting the Web Management Interface. The issue is in the function fromNatlimit in /goform/Natlimit, where manipulating the argument page can trigger a stack-based buffer overflow. The attack is...

9CVSS6.2AI score0.00476EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:0 p.m.10 views

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9CVSS5.2AI score0.01614EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder