
265 matches found

Cvelist
added 2025/05/22 11:0 p.m. · 9 views

CVE-2025-4338 Lantronix Device Installer Improper Restriction of XML External Entity Reference

Lantronix Device Installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device...

CVSS 6.9 · EPSS 0.00066
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 9:14 p.m. · 4 views

CVE-2021-1464

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input...

CVSS 5 · AI score 7.1 · EPSS 0.00255
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 5:12 p.m. · 3 views

CVE-2020-8768

An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device...

CVSS 9.4 · AI score 6.8 · EPSS 0.00609
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:56 p.m. · 3 views

CVE-2020-18330

An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-CWIFI-V0.05), allows attackers to gain access to the configuration interface...

CVSS 9.1 · AI score 7.2 · EPSS 0.00492
Exploits 1

RedhatCVE
added 2025/05/22 3:36 p.m. · 6 views

CVE-2020-1292

An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'...

CVSS 7.8 · AI score 6.9 · EPSS 0.12134
Exploits 0

RedhatCVE
added 2025/05/22 3:32 p.m. · 5 views

CVE-2020-35783

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switc...

CVSS 6.5 · AI score 7 · EPSS 0.00537
Exploits 0

RedhatCVE
added 2025/05/22 8:35 a.m. · 6 views

CVE-2019-25020

An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI...

CVSS 7.5 · AI score 6.8 · EPSS 0.00238
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 6:58 a.m. · 2 views

CVE-2018-20609

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI...

CVSS 5.3 · AI score 6.6 · EPSS 0.03433
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 6:22 a.m. · 4 views

CVE-2018-1000197

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration...

CVSS 8.1 · AI score 6.5 · EPSS 0.00045
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:2 a.m. · 5 views

CVE-2013-1402

DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/generalconfiguration.html...

CVSS 5 · AI score 6.5 · EPSS 0.11317
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 1:30 a.m. · 7 views

CVE-2015-3030

The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors...

CVSS 4 · AI score 6.2 · EPSS 0.00162
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 10:40 p.m. · 5 views

CVE-2002-2059

BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key...

CVSS 4.6 · AI score 6.5 · EPSS 0.001
Exploits 1 · References 1

Vulnrichment
added 2025/05/13 9:39 a.m. · 6 views

CVE-2025-40581

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2), all versions with SINEMA Remote Connect Edge Client installed. Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote...

CVSS 8.4 · AI score 6.9 · EPSS 0.00047
Exploits 0 · References 1

OSV
added 2025/05/08 5:16 p.m. · 2 views

UBUNTU-CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

CVSS 9.8 · AI score 5.9 · EPSS 0.0041
Exploits 0 · References 3

Positive Technologies
added 2025/05/08 12:0 a.m. · 1 views

PT-2025-20372 · Netis Systems · Wf2220

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The endpoint /cgi-bin-igd/netcore set.cgi is used for changing device configuration and is accessible without authentication, posing a significant security threat. This could allow for...

CVSS 8.7 · AI score 6.3 · EPSS 0.00123
Exploits 0 · References 8

NVD
added 2025/05/07 6:15 p.m. · 9 views

CVE-2025-20214

A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior caus...

CVSS 4.3 · EPSS 0.0022
Exploits 0 · References 1

CVE
added 2025/05/07 5:34 p.m. · 75 views

CVE-2025-20214

CVE-2025-20214 affects Cisco IOS XE Software NACM. A subtle change in inner API call behavior can cause NACM-filtered results to be returned, enabling an authenticated remote attacker to read configuration or operational data via NETCONF, RESTCONF, or gNMI. The attack requires the attacker to hol...

CVSS 4.3 · AI score 4.5 · EPSS 0.0022
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/05/07 5:34 p.m. · 8 views

CVE-2025-20214

A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior caus...

CVSS 4.3 · EPSS 0.0022
Exploits 0 · References 1

Cisco
added 2025/05/07 4:0 p.m. · 11 views

Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability

A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior caus...

CVSS 4.3 · AI score 4.8 · EPSS 0.0022
Exploits 0 · References 1

Positive Technologies
added 2025/05/07 12:0 a.m. · 1 views

PT-2025-20277 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the Network Configuration Access Control Module (NACM) could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or...

CVSS 4.3 · AI score 6.1 · EPSS 0.0022
Exploits 0 · References 6