55 matches found
CVE-2026-49345
CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...
CVE-2026-35090
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...
EUVD-2020-20861
Malware in sbrugna...
EUVD-2019-16794
Malware in sbrugna...
EUVD-2022-1496
Malicious code in bioql PyPI...
EUVD-2022-46371
Malicious code in bioql PyPI...
CVE-2025-57538
A stored cross-site scripting XSS vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment PVE 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view...
CVE-2025-57538
A stored cross-site scripting XSS vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment PVE 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view...
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...
CVE-2020-18325
Multilple Cross Site Scripting XSS vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel...
CVE-2020-28402
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel...
CVE-2023-43830
A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...
Design/Logic Flaw
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which...
Yeastar N412和Yeastar N824 安全漏洞
The Yeastar N412 and Yeastar N824 are both easy-to-use and inexpensive phone systems from the Spanish company Yeastar. A security vulnerability exists in the Yeastar N412 and N824 Configuration Panel versions 42.x and 45.x. The vulnerability stems from the fact that an unauthenticated attacker ca...
CVE-2022-47732
Affected software: Yeastar N412 and N824 Configuration Panel (versions 42.x–45.x). Vulnerability details: An unauthenticated attacker can create a backup file, download it, and reveal the admin hash. If the hash is cracked, the attacker can log in to the Configuration Panel; alternatively, the at...
CVE-2022-43332
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...
CVE-2022-43332
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...
Cross site scripting
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...