3 matches found
CVE-2026-33681
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...
The vulnerability in the web interface for managing microprogrammed software devices of Cisco Analog Telephone Adapter (ATA) series 190 allows a perpetrator to execute commands on behalf of the Admin user.
The vulnerability of the web interface for managing microprogrammed software in Cisco Analog Telephone Adapter ATA devices of the 190 series is related to access control errors. Exploiting this vulnerability allows a malicious actor to execute commands on behalf of the Admin user by sending a...
CVE-2023-28651
Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...