
7576 matches found

OSV
added 2026/01/14 5:16 p.m. | 6 views

CVE-2025-37182

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVSS 7.2 | AI score 6.1 | EPSS 0.00404
Exploits: 0 | References: 1

Cvelist
added 2026/01/14 4:26 p.m. | 22 views

CVE-2025-37181 Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVSS 7.2 | EPSS 0.00404
Exploits: 0 | References: 1

NVD
added 2026/01/13 8:16 p.m. | 6 views

CVE-2025-37171

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVSS 7.2 | EPSS 0.01203
Exploits: 0 | References: 1

Cvelist
added 2026/01/13 8:7 p.m. | 20 views

CVE-2025-37175 Authenticated Arbitrary File Upload Vulnerability in AOS-10 or AOS-8 Web-Based Management Interface

An arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary comman...

CVSS 7.2 | EPSS 0.0043
Exploits: 0 | References: 1

CNNVD
added 2026/01/13 12:0 a.m. | 7 views

HPE AOS Security Vulnerability

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS that stems from improper handling of input in the web-based management interface, which could trigger unexpected behavior...

CVSS 7.2 | AI score 5.8 | EPSS 0.00367
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 11:25 a.m. | 8 views

CVE-2021-28006

Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00863
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:25 a.m. | 6 views

CVE-2021-28007

Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter...

CVSS 6.1 | AI score 6 | EPSS 0.00863
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:39 a.m. | 7 views

CVE-2022-35422

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php...

CVSS 9.8 | AI score 8.3 | EPSS 0.00789
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:36 a.m. | 19 views

CVE-2024-34927

A SQL injection vulnerability in /model/updateclassroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...

CVSS 9.8 | AI score 8.5 | EPSS 0.0051
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:17 a.m. | 12 views

CVE-2025-23053

A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system...

CVSS 6.5 | AI score 6.9 | EPSS 0.0036
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:57 a.m. | 5 views

CVE-2023-4149

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management...

CVSS 9.8 | AI score 7.5 | EPSS 0.01116
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:54 a.m. | 8 views

CVE-2021-41083

Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any...

CVSS 8.8 | AI score 7 | EPSS 0.00392
Exploits: 0 | References: 1

CNNVD
added 2026/01/09 12:0 a.m. | 5 views

GESTSUP Cross-Site Request Forgery Vulnerability

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A cross-site request forgery vulnerability exists in GestSup 3.2.56 and prior versions, which stems from the application's failure to validate the...

CVSS 8.9 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 3

CNNVD
added 2026/01/09 12:0 a.m. | 5 views

GESTSUP SQL Injection Vulnerability

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GestSup 3.2.56 and prior versions, which stems from user-controlled inputs in the work order creation...

CVSS 8.1 | AI score 7.7 | EPSS 0.00288
Exploits: 0 | References: 2

CNVD
added 2026/01/09 12:0 a.m. | 4 views

TinyFileManager Path Traversal Vulnerability

TinyFileManager is a web-based file manager. It is used to store, upload, edit and manage files and folders online through a web browser. TinyFileManager has a path traversal vulnerability that stems from the parameter fullpath in the file tinyfilemanager.php failing to correctly filter special...

CVSS 7.2 | AI score 5.8 | EPSS 0.00557
Exploits: 1

Cisco
added 2026/01/07 4:0 p.m. | 12 views

Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

CVSS 4.9 | AI score 6.9 | EPSS 0.05638
Exploits: 0 | References: 1

Cvelist
added 2025/12/30 4:32 p.m. | 26 views

CVE-2025-15256 Edimax BR-6208AC Web-based Configuration formStaDrvSetup command injection

A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command injection. Remote exploitation of the attack i...

CVSS 7.5 | EPSS 0.03287
Exploits: 1 | References: 4

CNNVD
added 2025/12/29 12:0 a.m. | 8 views

Priority Web Cross-Site Scripting Vulnerability

Priority Web is the Web side of an Enterprise Resource Planning system from Priority Israel. A cross-site scripting vulnerability exists in Priority Web that stems from improper input neutralization and could lead to a cross-site scripting attack...

CVSS 4.8 | AI score 5.6 | EPSS 0.00145
Exploits: 0 | References: 1

CNVD
added 2025/12/24 12:0 a.m. | 6 views

Advantech WebAccess/SCADA SQL Injection Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...

CVSS 8.8 | AI score 6.2 | EPSS 0.0028
Exploits: 0 | References: 1

CNNVD
added 2025/12/19 12:0 a.m. | 4 views

kimai Security Vulnerability

kimai is a web-based multi-user time tracking application by the individual developer of kimai. A security vulnerability exists in kimai version 1.30.10, which stems from an improper implementation of the SameSite cookie and could lead to session hijacking...

CVSS 9.8 | AI score 6.5 | EPSS 0.00496
Exploits: 1 | References: 4