
48 matches found

RedhatCVE
added 2026/06/05 12:10 a.m. · 10 views

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

7.5 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits: 0 · References: 1

NVD
added 2026/06/03 7:16 p.m. · 10 views

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

7.5 CVSS · 0.00432 EPSS
Exploits: 0 · References: 1

Cvelist
added 2026/06/03 6:16 p.m. · 32 views

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

0.00432 EPSS
Exploits: 0 · References: 1

EUVD
added 2026/06/03 6:16 p.m. · 12 views

EUVD-2026-34168

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

5.8 AI score · 0.00432 EPSS
Exploits: 0 · References: 1

CVE
added 2026/06/03 6:16 p.m. · 16 views

CVE-2026-8888

The CVE-2026-8888 entry applies to the Securly Chrome Extension (v3.0.7). It downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation, enabling an on-path attacker to inject patterns that cause catastrop...

7.5 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2026/06/03 12:00 a.m. · 15 views

PT-2026-46053

Name of the Vulnerable Software and Affected Versions: Securly Chrome Extension version 3.0.7. Description: The software downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions using the new RegExp function without complexity validation. An on-path...

7.5 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits: 0 · References: 4

GithubExploit
added 2026/04/03 4:48 p.m. · 151 views

Exploit for CVE-2022-30075

TP-L-NK-SIZMA-EXPLO-T TP-Link Router Authenticated RCE Exploit...

8.8 CVSS · 7.3 AI score · 0.37199 EPSS
Exploits: 7

CVE
added 2026/02/23 4:27 p.m. · 13 views

CVE-2026-27514

The CVE-2026-27514 entry affects Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The vulnerability is in the configuration download functionality, where the response exposes the router password and administrative password in plaintext. Additionally, the response lacks proper Cache-...

7.1 CVSS · 5.5 AI score · 0.00216 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2026/02/23 12:00 a.m. · 7 views

PT-2026-21532

Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi. Description: The router firmware contains a flaw where the configuration download feature reveals the router password and administrative password in plaintext. The response...

7.1 CVSS · 5.2 AI score · 0.00216 EPSS
Exploits: 0 · References: 4

CVE
added 2026/01/21 5:27 p.m. · 16 views

CVE-2021-47802

CVE-2021-47802 affects Tenda D151 and D301 routers. The issue is an unauthenticated configuration download vulnerability reachable via /goform/getimage, permitting remote attackers to retrieve router configuration data, including admin credentials. The provided connected sources corroborate the v...

8.7 CVSS · 5.6 AI score · 0.00612 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2025/12/16 5:06 p.m. · 3 views

CVE-2023-53896 D-Link DAP-1325 Hardware A1 Unauthenticated Configuration Download

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...

8.7 CVSS · 6.4 AI score · 0.0062 EPSS
Exploits: 1 · References: 3

NVD
added 2025/12/09 9:15 p.m. · 7 views

CVE-2023-53770

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...

8.7 CVSS · 0.00466 EPSS
Exploits: 1 · References: 4

Cvelist
added 2025/08/25 12:00 a.m. · 7 views

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

0.00555 EPSS
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 3:15 a.m. · 3 views

CVE-2023-22636

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request...

7 CVSS · 6.5 AI score · 0.00163 EPSS
Exploits: 0 · References: 1

Broadcom
added 2024/11/12 12:00 a.m. · 9 views

Brocade Fabric OS before 9.2.2 does not enforce strict host key checking

A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a...

7.1 CVSS · 6.9 AI score · 0.00243 EPSS
Exploits: 1

0day.today
added 2024/10/22 12:00 a.m. · 220 views

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download Vulnerability

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script. ABB Cyl...

7.2 AI score
Exploits: 0

Zero Science Lab
added 2024/10/16 12:00 a.m. · 379 views

ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller suffers from an unauthenticated...

5.8 AI score
Exploits: 0

Positive Technologies
added 2024/05/28 12:00 a.m. · 8 views

PT-2024-26442 · Anpviz · Anpviz

Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower Description: The issue allows unauthenticated users to download the running configuration of the device via a HTTP GET request to "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...

7.5 CVSS · 6.9 AI score · 0.00396 EPSS
Exploits: 0 · References: 3

GithubExploit
added 2024/02/02 3:27 a.m. · 133 views

Exploit for Improper Authentication in Hikvision Ds-2Cd2032-I_Firmware

cve-2017-7921-Mass-Exploit Mass Config Download python3 dow...

10 CVSS · 8.9 AI score · 0.99998 EPSS
Exploits: 11

NVD
added 2023/12/19 2:15 a.m. · 17 views

CVE-2023-6940

With only one user interaction (download a malicious config), attackers can gain full command execution on the victim system...

9 CVSS · 0.01219 EPSS
Exploits: 0 · References: 2