Lucene search
K

1085 matches found

Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.9 views

PT-2026-21531

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...

5.1CVSS5.1AI score0.00102EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.8 views

CVE-2025-11725

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings,...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.12 views

WordPress plugin Aruba HiSpeed Cache 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References4
NVD
NVD
added 2026/02/17 9:22 p.m.5 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

8.8CVSS0.00299EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/17 10:54 a.m.2 views

Missing Authorization

Overview org.apache.nifi:nifi-web-api is a system to process and distribute data. Affected versions of this package are vulnerable to Missing Authorization when updating configuration properties on extension components with restricted permissions. An attacker can modify sensitive configuration...

8.7CVSS5.7AI score0.0075EPSS
Exploits0References2
NVD
NVD
added 2026/02/11 6:16 p.m.8 views

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

8.1CVSS0.00263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:26 a.m.10 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

8.8CVSS5.7AI score0.00244EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/05 1:55 p.m.6 views

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

5.1CVSS5.8AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/05 1:55 p.m.33 views

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

5.1CVSS0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.6 views

PT-2026-6556

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise Certified Container versions up to 12.19.0 Continuous Delivery IBM App Connect Enterprise Certified Container version 12.0 LTS Long Term Support Description The software may allow an attacker to access sensitive file...

5.1CVSS5.4AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:59 p.m.2 views

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

9.3CVSS5.4AI score0.00474EPSS
Exploits0References3
CVE
CVE
added 2026/02/03 10:59 p.m.18 views

CVE-2026-1632

The CVE affects MOMA Seismic Station, specifically versions v2.4.2520 and prior, where the web management interface is exposed without authentication. The root cause is missing access control on the web UI, enabling an unauthenticated attacker to modify configuration settings, exfiltrate device d...

9.3CVSS5.4AI score0.00474EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

RISS SRL MOMA Seismic Station 访问控制错误漏洞

RISS SRL MOMA Seismic Station is a specialized industrial control device for earthquake monitoring developed by the Italian company RISS SRL. Versions of RISS SRL MOMA Seismic Station prior to v2.4.2520 contained an access control vulnerability. This vulnerability stemmed from the lack of...

9.3CVSS5.8AI score0.00474EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/26 5:46 p.m.7 views

EUVD-2026-4672

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 lack cross-site request forgery CSRF protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered b...

5.1CVSS5.9AI score0.00108EPSS
Exploits0References2
CVE
CVE
added 2026/01/21 5:27 p.m.13 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 is affected by a CSRF vulnerability. An attacker can lure an authenticated administrator to a malicious page to modify SMTP configuration settings, potentially enabling unauthorized changes. The vulnerability is CSRF with no direct remote code execution ...

6.5CVSS5.8AI score0.00349EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/14 5:16 p.m.10 views

CVE-2025-37185

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 4:20 p.m.6 views

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS5.7AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 4:20 p.m.27 views

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

5.5CVSS0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.6 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

8.8CVSS6.8AI score0.0205EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:56 a.m.10 views

CVE-2018-4070

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send...

8.8CVSS6.5AI score0.18287EPSS
Exploits3References1
Rows per page
Query Builder