Lucene search
K

2697 matches found

OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34236

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via NetworksController.addNetworkAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...

5.4CVSS5.9AI score0.002EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34238

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

6.5CVSS5.9AI score0.00373EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.6 views

CVE-2025-34239

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

8.6CVSS0.01766EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34239

Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...

7.2CVSS6AI score0.01766EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.6 views

CVE-2025-34238

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

6.9CVSS0.00373EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.2 views

CVE-2025-34240

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34236

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via NetworksController.addNetworkAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...

6.2CVSS0.002EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.3 views

CVE-2025-34240

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS0.00284EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.5 views

CVE-2025-34237

Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

6.3CVSS0.00197EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/06 7:49 p.m.2 views

CVE-2025-34247 Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.1CVSS7.2AI score0.00288EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 7:49 p.m.4 views

CVE-2025-34247 Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.1CVSS0.00288EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 7:49 p.m.10 views

CVE-2025-34247

Advantech WebAccess/VPN versions prior to 1.1.5 are affected by a SQL injection in NetworksController.addNetworkAction(). An authenticated, low-privileged observer user can inject SQL via datatable search parameters, potentially disclosing database information. Affected product scope and impact a...

6.5CVSS7.2AI score0.00288EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/11/06 7:49 p.m.3 views

CVE-2025-34246 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/06 7:49 p.m.3 views

CVE-2025-34246 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS7.2AI score0.00284EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 7:49 p.m.10 views

CVE-2025-34246

Advantech WebAccess/VPN

6.5CVSS7.2AI score0.00284EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/11/06 7:48 p.m.8 views

CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/06 7:48 p.m.4 views

CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS7.2AI score0.00284EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 7:48 p.m.7 views

CVE-2025-34245

Advantech WebAccess/VPN before 1.1.5 contains a SQL injection in AjaxStandaloneVpnClientsController.ajaxAction() that an authenticated, low-privileged observer can exploit via datatable search parameters, potentially disclosing database information. Affected version: prior to 1.1.5. Some connecte...

6.5CVSS7.2AI score0.00284EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 7:47 p.m.3 views

CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS7.2AI score0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 7:47 p.m.7 views

CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS0.00284EPSS
Exploits0References3
Rows per page
Query Builder