Lucene search
K

517 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31618

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

6.3AI score0.00148EPSS
Exploits0References4
CVE
CVE
added 2026/04/01 8:41 p.m.16 views

CVE-2026-34530

CVE-2026-34530 affects File Browser (pre-2.62.2) where the SPA index page renders admin-controlled branding fields using Go’s text/template, which is not HTML-escaped. An admin can set branding.name to a malicious payload, injecting persistent JavaScript that executes for all visitors, including ...

6.9CVSS5.8AI score0.00356EPSS
Exploits1References2Affected Software1
ICS
ICS
added 2026/02/26 7:0 a.m.8 views

Chargemap chargemap.com

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

5.9AI score
Exploits0References11
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

Jinan USR IOT USR-W610 安全漏洞

Jinan USR IOT USR-W610 is a serial-to-Ethernet converter produced by the Jinan USR IOT company. There is a security vulnerability in the Jinan USR IOT USR-W610; this vulnerability stems from allowing administrator username and password values to be set to null, which may allow unauthenticated...

9.8CVSS5.8AI score0.0057EPSS
Exploits0References2
NVD
NVD
added 2026/02/12 7:15 p.m.7 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS0.00367EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/06 10:52 p.m.5 views

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS5.5AI score0.00364EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.9 views

CVE-2026-22223

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8.5CVSS6.1AI score0.01423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.4 views

CVE-2026-0630

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...

8.5CVSS6.4AI score0.01296EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 8:15 p.m.7 views

CVE-2025-10878

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full...

10CVSS0.00602EPSS
Exploits2References2
OSV
OSV
added 2026/02/02 6:16 p.m.9 views

CVE-2026-22229

A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...

7.2CVSS5.8AI score0.01887EPSS
Exploits0References7
OSV
OSV
added 2026/02/02 6:16 p.m.7 views

CVE-2026-22223

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8CVSS5.9AI score0.01423EPSS
Exploits0References4
NVD
NVD
added 2026/02/02 6:16 p.m.5 views

CVE-2026-22223

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8.5CVSS0.01423EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 6:16 p.m.5 views

CVE-2026-22222

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8CVSS6AI score0.01423EPSS
Exploits0References4
NVD
NVD
added 2026/02/02 6:16 p.m.8 views

CVE-2026-22221

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8.5CVSS0.01293EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 6:16 p.m.4 views

CVE-2026-22221

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

8CVSS6AI score0.01293EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 6:16 p.m.6 views

CVE-2026-0631

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

8CVSS6AI score0.01293EPSS
Exploits0References4
NVD
NVD
added 2026/02/02 6:16 p.m.10 views

CVE-2026-0630

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...

8.5CVSS0.01296EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/02 5:56 p.m.5 views

EUVD-2026-5084

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

8.5CVSS5.7AI score0.02605EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/02 5:55 p.m.7 views

EUVD-2026-5089

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.8AI score0.02394EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/02 5:52 p.m.5 views

CVE-2026-22224 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.8AI score0.02597EPSS
Exploits0References4
Rows per page
Query Builder