Lucene search
K

263 matches found

EUVD
EUVD
added 5 days ago11 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 6 days ago18 views

CVE-2026-5922

CVE-2026-5922 affects Poly Voice IP phones; a vulnerability exists where malicious input stored in configuration parameters is rendered in the WebUI, enabling cross-site scripting (XSS) and potentially allowing unauthorized modification of the WebUI. Root cause appears to be input stored in confi...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 6:15 p.m.13 views

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

7.6CVSS5.8AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 6:15 p.m.33 views

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

7.6CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:15 p.m.13 views

EUVD-2026-33382

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

7.6CVSS5.8AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 6:15 p.m.22 views

CVE-2026-49374

CVE-2026-49374 affects JetBrains TeamCity before 2026.1, where improper permission checks exposed build configuration parameters. The CVSS 3.1 base score is 7.6 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, and UI none. Impact: Confidentiality HIGH, Integrity...

7.6CVSS5.8AI score0.00226EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44954

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description Improper permission checks allow for the exposure of build configuration parameters. Recommendations Update to version 2026.1...

7.6CVSS5.8AI score0.00226EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

HP LaserJet Improper Neutralization of Input During Web Page Generation (CVE-2009-2684)

Multiple cross-site scripting XSS vulnerabilities in Jetdirect and the Embedded Web Server EWS on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the 1 ProductURL or 2 TechURL parameter in an Apply action t...

4.3CVSS5.8AI score0.0223EPSS
Exploits10References3
Cvelist
Cvelist
added 2026/04/24 12:2 a.m.29 views

CVE-2026-40620 SenseLive X3050 Missing authentication for critical function

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted...

9.8CVSS0.00546EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/25 3:31 p.m.4 views

EUVD-2026-8653

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

4.3CVSS5.3AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 2:16 p.m.10 views

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/25 12:57 p.m.2 views

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations...

4.3CVSS5.9AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 10:16 p.m.6 views

CVE-2019-25398

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...

6.1CVSS5.9AI score0.00242EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/18 8:59 p.m.3 views

CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.396 views

📄 motionEye 0.43.1b4 Remote Command Injection

A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...

7.2CVSS6.1AI score0.18993EPSS
Exploits17
Cvelist
Cvelist
added 2026/02/10 5:27 p.m.31 views

CVE-2026-0652 Remote Code Execution on TP-Link Tapo C260 by Guest User

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cau...

8.7CVSS0.21577EPSS
Exploits2References3
Rows per page
Query Builder