13 matches found
CVE-2026-23115
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty-port race condition. Revert commit bfc467db60b7 "serial: remove redundant tty_port_link_device" because the tty_port_link_device is not redundant: the tty-port has to be configured before we call uart_configure_port,...
CVE-2023-36497
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges...
Path traversal
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system...
CVE-2023-36497
CVE-2023-36497 affects Dover Fueling Solutions MAGLINK LX Web Console Configuration, versions 2.5.1 through 3.3. The vulnerability is an authentication bypass by primary weakness that could allow a guest user to elevate to admin privileges. Reported base score 8.8 (HIGH) with NETWORK attack vecto...
CVE-2023-38256 Dover Fueling Solutions MAGLINK LX Console Path Traversal
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system...
CVE-2023-38256
CVE-2023-38256 affects Dover MAGLINK LX Web Console Configuration versions 2.5.1–3.3. It is a path traversal vulnerability caused by improper restriction of directory path names, potentially allowing an attacker to access files stored on the system. Public sources describe remote exploitation wit...
CVE-2023-41256
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access...
Authentication flaw
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access...
CVE-2023-41256 Dover Fueling Solutions MAGLINK LX Console Authentication Bypass
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access...
CVE-2023-41256
The CVE-2023-41256 entry concerns the MAGLINK LX Web Console Configuration (versions 2.5.1–3.3) from Dover Fueling Solutions, vulnerable to an authentication bypass that could let an unauthenticated attacker gain user access. Public sources (CISA ICS advisory) describe this as a remote, low-compl...
baigo CMS Cross-Site Scripting Vulnerability (CNVD-2021-53924)
baigo CMS is an open source PHP-based web content management system (CMS). baigo CMS v4.0 contains a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web script or HTML by submitting form parameters to a public console configuration file...
The vulnerability in the firmware of the Moxa PT-7528 and PT-7828 Ethernet switches stems from the use of hard-coded configuration data for the device’s console. This allows attackers to exploit their privileges to gain unauthorized access.
The vulnerability in the firmware of the Moxa PT-7528 and Moxa PT-7828 Ethernet switches lies in the use of hard-coded configuration data for the device’s configuration console. Exploiting this vulnerability can allow attackers to escalate their privileges...
CVE-2009-1596
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet...