87140 matches found
CVE-2017-20235 ProSoft Technology ICX35-HWC Authentication Bypass
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20235
CVE-2017-20235 affects ProSoft Technology ICX35-HWC gateways (firmware version 1.3 and earlier). The issue is an authentication bypass in the web user interface that lets unauthenticated attackers access administrative functions and full device configuration without valid credentials. Affected co...
CVE-2017-20234 GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2017-20234
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2018-25236 Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests...
EUVD-2026-18905
Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...
CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter
Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...
CVE-2026-34607 Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...
EUVD-2026-18901
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...
CVE-2026-34607 Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...
CVE-2026-34607
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...
CVE-2026-34607
Summary: CVE-2026-34607 affects Emlog extractTo($path) without sanitizing ZIP entry names, enabling an authenticated admin to upload crafted ZIPs with ../ sequences to write arbitrary files on the server, including PHP web shells, resulting in Remote Code Execution (RCE). At publication, there ar...
CVE-2026-34228 Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write
Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...
CVE-2016-15058
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...
GHSA-53MR-6C8Q-9789 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
Impact The /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...
CVE-2016-15058 Hirschmann HiLCOS Classic Platform Password Exposure via SNMP
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...
GHSA-X8HC-FQV3-7GWF Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Summary According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...
EUVD-2026-18372
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity...
Authentication Bypass Using an Alternate Path or Channel
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /skServer/enableSecurity endpoint. An attacker can gain unauthorized administrative privileges by...
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Summary According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...