Lucene search
+L

16 matches found

ncsc
ncsc
added 2 days ago10 views

Zero-day vulnerabilities are exploited in SonicWall SMA1000 devices.

SonicWall has identified two vulnerabilities in the SonicWall SMA1000 appliance. The vulnerability with the identifier CVE-2026-15409 involves Server-Side Request Forgery SSRF in the Work Place interface, allowing an unauthorized attacker to send requests to the device to unintended locations. Th...

10CVSS6.4AI score0.01486EPSS
Exploits4References1
nvd
nvd
added 3 days ago4 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS0.01486EPSS
Exploits1References2
cvelist
cvelist
added 3 days ago40 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

0.01486EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/12/19 11:25 a.m.6 views

CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC...

6.6CVSS6.9AI score0.0191EPSS
Exploits1References1
euvd
euvd
added 2025/12/18 12:30 p.m.11 views

EUVD-2025-204255

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC...

6.6CVSS6.5AI score0.0191EPSS
Exploits1References3
osv
osv
added 2025/12/18 11:15 a.m.7 views

CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC...

6.6CVSS5.8AI score0.0191EPSS
Exploits1References2
nvd
nvd
added 2025/12/18 11:15 a.m.9 views

CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC...

6.6CVSS0.0191EPSS
Exploits1References2
githubexploit
githubexploit
added 2025/12/18 7:32 a.m.318 views

Exploit for CVE-2025-40602

CVE-2025-40602 CVE-2025-40602 is a local privilege escalatio...

9.8CVSS8.4AI score0.23432EPSS
Exploits1
cisa_kev
cisa_kev
added 2025/12/17 12:0 a.m.13 views

SonicWall SMA1000 Missing Authorization Vulnerability

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console AMC of affected devices...

6.6CVSS7AI score0.0191EPSS
In wildExploits1
ptsecurity
ptsecurity
added 2025/12/17 12:0 a.m.11 views

PT-2025-51891

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 versions prior to 12.4.3-03245 and 12.5.0-02283 SonicWall SMA 100 series appliances affected versions not specified Description A local privilege escalation vulnerability exists in the SonicWall SMA1000 appliance management...

7.1CVSS7.7AI score0.0191EPSS
Exploits1References106
vulncheck_kev
vulncheck_kev
added 2025/12/17 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC...

6.6CVSS5.8AI score0.0191EPSS
In wildExploits1References10
osv
osv
added 2025/01/23 12:15 p.m.2 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands...

9.8CVSS7.8AI score0.23432EPSS
Exploits1References2
vulncheck_kev
vulncheck_kev
added 2025/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-23006

SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...

9.8CVSS7.5AI score0.23432EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/11/14 8:20 p.m.13 views

CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

7.8AI score0.01345EPSS
Exploits4References4
nvd
nvd
added 2012/08/22 10:42 a.m.16 views

CVE-2012-4597

Cross-site scripting XSS vulnerability in McAfee Email and Web Security EWS 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway MEG 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management...

4.3CVSS5.7AI score0.01148EPSS
Exploits0References3
cvelist
cvelist
added 2012/08/22 10:0 a.m.27 views

CVE-2012-4580

Cross-site scripting XSS vulnerability in McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Managemen...

5.7AI score0.01384EPSS
Exploits0References1
Rows per page
Query Builder