7576 matches found
CVE-2025-37182
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...
CVE-2025-37181 Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...
CVE-2025-37171
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...
CVE-2025-37175 Authenticated Arbitrary File Upload Vulnerability in AOS-10 or AOS-8 Web-Based Management Interface
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary comman...
HPE AOS 安全漏洞
HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS that stems from improper handling of input in the web-based management interface, which could trigger unexpected behavior...
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting XSS in admin.php through the options parameter...
CVE-2021-28007
Web Based Quiz System 1.0 is affected by cross-site scripting XSS in register.php through the name parameter...
CVE-2022-35422
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php...
CVE-2024-34927
A SQL injection vulnerability in /model/updateclassroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2025-23053
A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system...
CVE-2023-4149
A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management...
CVE-2021-41083
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any...
GESTSUP 跨站请求伪造漏洞
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A cross-site request forgery vulnerability exists in GestSup 3.2.56 and prior versions, which stems from the application's failure to validate the...
GESTSUP SQL注入漏洞
GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GestSup 3.2.56 and prior versions, which stems from user-controlled inputs in the work order creation...
TinyFileManager Path Traversal Vulnerability
TinyFileManager is a web-based file manager. It is used to store, upload, edit and manage files and folders online through a web browser. TinyFileManager has a path traversal vulnerability that stems from the parameter fullpath in the file tinyfilemanager.php failing to correctly filter special...
Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability
A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...
CVE-2025-15256 Edimax BR-6208AC Web-based Configuration formStaDrvSetup command injection
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...
Priority Web 跨站脚本漏洞
Priority Web is the Web side of an Enterprise Resource Planning system from Priority Israel. A cross-site scripting vulnerability exists in Priority Web that stems from improper input neutralization and could lead to a cross-site scripting attack...
Advantech WebAccess/SCADA SQL Injection Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...
kimai 安全漏洞
kimai is a web-based multi-user time tracking application by the individual developer of kimai. A security vulnerability exists in kimai version 1.30.10, which stems from an improper implementation of the SameSite cookie and could lead to session hijacking...