Lucene search
K

632 matches found

ICS
ICS
added 2025/10/23 6:0 a.m.6 views

ASKI Energy ALS-Mini-S8 and ALS-Mini-S4

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full control over the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...

10CVSS7.1AI score0.00754EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/10/17 3:12 a.m.1 views

CVE-2025-6949

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to...

9.3CVSS6.7AI score0.00658EPSS
Exploits0References1
CVE
CVE
added 2025/10/17 3:12 a.m.15 views

CVE-2025-6949

CVE-2025-6949 affects Moxa’s network security appliances and routers. The vulnerability is an authorization flaw in the API that allows an authenticated, low-privileged user to create a new administrator account (including usernames matching existing users), potentially granting full administrati...

9.3CVSS6.7AI score0.00658EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.8 views

DBLTek GoIP 安全漏洞

DBLTek GoIP is a voice gateway device from Deborah DBLTek China. A security vulnerability exists in the DBLTek GoIP that stems from an undocumented vendor backdoor in the Telnet management interface that could lead to remote code execution and full control of the device...

9.3CVSS7.9AI score0.00837EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/10 9:27 p.m.7 views

CVE-2016-15047

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS7.8AI score0.03946EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/10 7:17 p.m.9 views

CVE-2025-27049

Transient DOS while processing IOCTL call for image encoding...

5.5CVSS7AI score0.00072EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/09 9:31 p.m.7 views

EUVD-2016-10792

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS7.3AI score0.03946EPSS
Exploits0References7
CVE
CVE
added 2025/10/09 9:10 p.m.21 views

CVE-2016-15047

CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...

8.7CVSS7.4AI score0.03946EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/09 9:10 p.m.3 views

CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS7.4AI score0.03946EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/09 9:10 p.m.10 views

CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

8.7CVSS0.03946EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/07 11:13 p.m.6 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS6.7AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2025/10/07 4:11 a.m.2 views

MAL-2025-47975 Malicious code in consumerweb-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eb6a4d25e1e5232ce079c43523de3b71572bb90389aabf0dbebd38837fb89f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-2771

Malware in sbrugna...

10CVSS9.2AI score0.04451EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-18935

Malware in sbrugna...

9.8CVSS9.5AI score0.01363EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18080

Malware in sbrugna...

5.5CVSS5.6AI score0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-8637

Malware in sbrugna...

7.8CVSS7.7AI score0.00361EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-4829

Malware in sbrugna...

6.8CVSS6.5AI score0.01006EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-4852

Malware in sbrugna...

4.6CVSS6.4AI score0.00347EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-8219

Malware in sbrugna...

7.8CVSS7.7AI score0.00331EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-13539

Malware in sbrugna...

9.8CVSS9.4AI score0.36325EPSS
Exploits1References2
Rows per page
Query Builder