475 matches found

Vulnrichment
added 2025/03/31 12:0 a.m. · 9 views

CVE-2025-29266

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled...

CVSS 9.6 · AI score 9.4 · EPSS 0.0109
Exploits 0 · References 3

CVE
added 2025/03/11 12:36 a.m. · 44 views

CVE-2025-26659

CVE-2025-26659 – SAP NetWeaver ABAP (WebGUI) is a DOM-based XSS vulnerability caused by insufficient encoding of user-controlled inputs in the SAP NetWeaver Application Server ABAP. The flaw allows an attacker with no privileges to craft a malicious web message that executes JavaScript in the vic...

CVSS 6.1 · AI score 6.2 · EPSS 0.00114
Exploits 0 · References 2

IBM Security Bulletins
added 2025/01/28 10:8 p.m. · 16 views

Security Bulletin: Vulnerabilities in Apache Commons IO library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-47554)

Summary Apache Commons IO library is used by Tivoli Netcool/OMNIbus WebGUI as part of Apache POI dependency for Seasonal Event Graphs export feature. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource...

CVSS 4.3 · AI score 7 · EPSS 0.00131
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. · 22 views

Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-53677)

Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some...

CVSS 9.8 · AI score 7.1 · EPSS 0.93188
Exploits 15 · Affected Software 1

Japan Vulnerability Notes
added 2024/12/02 7:38 a.m. · 2 views

Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers

Overview UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain multiple vulnerabilities listed below. Command injection (CWE-77) - CVE-2024-11013; Cross-site request forgery (CWE-352) - CVE-2024-11014. RyotaK of Flatt Security Inc. reported these vulnerabilities to NEC Corporation and...

CVSS 7.2 · AI score 7.5 · EPSS 0.00078
Exploits 0 · References 6

NVD
added 2024/11/29 6:15 p.m. · 15 views

CVE-2024-36622

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...

CVSS 9.8 · EPSS 0.00827
Exploits 0 · References 3

Cvelist
added 2024/11/29 12:0 a.m. · 11 views

CVE-2024-36622

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter...

EPSS 0.00827
Exploits 0 · References 3

CVE
added 2024/11/29 12:0 a.m. · 44 views

CVE-2024-36622

CVE-2024-36622 affects RaspAP raspap-webgui, version 3.0.9 and earlier. The issue is a command injection in the clearlog.php script caused by improper sanitization of the logfile parameter. The vulnerability details across connected sources consistently describe the same root cause and impact (po...

CVSS 9.8 · AI score 7.1 · EPSS 0.00827
Exploits 0 · References 3 · Affected Software 1

IBM Security Bulletins
added 2024/04/16 3:1 a.m. · 45 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-51775)

Summary WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 6.5 · AI score 6.6 · EPSS 0.00383
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2024/04/16 2:55 a.m. · 35 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-50313)

Summary WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 6.5 · AI score 5.7 · EPSS 0.0002
Exploits 0 · Affected Software 1

Snyk
added 2024/03/15 6:30 p.m. · 1 views

Arbitrary Code Injection

Overview billz/raspap-webgui is a Simple wireless AP setup and management for Debian-based devices. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DisplayProviderConfig function, which is accessible via the $_POST['country'] in the HTTP POST request handler. A use...

CVSS 7.2 · AI score 7.7 · EPSS 0.001
Exploits 1 · References 2

NVD
added 2024/03/15 5:15 p.m. · 12 views

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVSS 7.2 · AI score 5.3 · EPSS 0.001
Exploits 1 · References 3

Cvelist
added 2024/03/15 5:0 p.m. · 14 views

CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVSS 5.8 · AI score 5.7 · EPSS 0.001
Exploits 1 · References 3

CVE
added 2024/03/15 5:0 p.m. · 56 views

CVE-2024-2497

RaspAP raspap-webgui 3.0.9 contains a code injection vulnerability in includes/provider.php via the HTTP POST parameter country, enabling remote code execution. Exploitation is possible over the network and public disclosures exist. A remediation is available: upgrade to billz/raspap-webgui 3.1.0...

CVSS 7.2 · AI score 5.3 · EPSS 0.001
Exploits 1 · References 3 · Affected Software 1

IBM Security Bulletins
added 2024/03/15 2:29 a.m. · 42 views

Security Bulletin: Vulnerabilities in Apache Commons Compress library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-26308, CVE-2024-25710)

Summary Apache Commons Compress library is used by Tivoli Netcool/OMNIbus WebGUI as part of Apache POI dependency for Seasonal Event Graphs export feature. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of...

CVSS 8.1 · AI score 6.5 · EPSS 0.00392
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/03/15 12:0 a.m. · 3 views

PT-2024-20680 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui version 3.0.9 Description: A critical issue affects the processing of the file includes/provider.php in the HTTP POST Request Handler component. The manipulation of the country argument leads to code injection. This issue...

CVSS 7.2 · AI score 5.5 · EPSS 0.001
Exploits 1 · References 11

IBM Security Bulletins
added 2024/03/11 2:24 a.m. · 21 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI due to January 2024 CPU

Summary WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

AI score 6.8
Exploits 0 · Affected Software 1

Snyk
added 2024/03/09 12:31 a.m. · 0 views

Denial of Service (DoS)

Overview billz/raspap-webgui is a Simple wireless AP setup and management for Debian-based devices. Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper authentication. An attacker can cause a persistent denial of service (bricking) by sending a specially crafted...

CVSS 7.5 · AI score 7 · EPSS 0.00361
Exploits 1 · References 2

CVE
added 2024/03/08 12:0 a.m. · 48 views

CVE-2024-28753

CVE-2024-28753 affects RaspAP (raspap-webgui) up to version 3.0.9. The issue allows remote attackers to read the /etc/passwd file via a crafted request, revealing sensitive local user information. Root cause: likely an improper access path/authorization check that permits reading sensitive system...

CVSS 6.5 · AI score 6.7 · EPSS 0.00059
Exploits 1 · References 1 · Affected Software 1

CVE
added 2024/03/08 12:0 a.m. · 54 views

CVE-2024-28754

CVE-2024-28754 affects RaspAP (raspap-webgui) up to version 3.0.9. A remote attacker can trigger a crafted request to cause a persistent denial of service (bricking). The issue is documented across multiple sources (including Red Hat and OSV/GHSA/NVD entries). Remediation available in at least on...

CVSS 7.5 · AI score 6.8 · EPSS 0.00361
Exploits 1 · References 1 · Affected Software 1