632 matches found
ASKI Energy ALS-Mini-S8 and ALS-Mini-S4
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full control over the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
CVE-2025-6949
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to...
CVE-2025-6949
CVE-2025-6949 affects Moxa’s network security appliances and routers. The vulnerability is an authorization flaw in the API that allows an authenticated, low-privileged user to create a new administrator account (including usernames matching existing users), potentially granting full administrati...
DBLTek GoIP 安全漏洞
DBLTek GoIP is a voice gateway device from Deborah DBLTek China. A security vulnerability exists in the DBLTek GoIP that stems from an undocumented vendor backdoor in the Telnet management interface that could lead to remote code execution and full control of the device...
CVE-2016-15047
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2025-27049
Transient DOS while processing IOCTL call for image encoding...
EUVD-2016-10792
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047
CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...
CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2025-59448
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
MAL-2025-47975 Malicious code in consumerweb-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4eb6a4d25e1e5232ce079c43523de3b71572bb90389aabf0dbebd38837fb89f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2019-2771
Malware in sbrugna...
EUVD-2019-18935
Malware in sbrugna...
EUVD-2018-18080
Malware in sbrugna...
EUVD-2017-8637
Malware in sbrugna...
EUVD-2020-4829
Malware in sbrugna...
EUVD-2013-4852
Malware in sbrugna...
EUVD-2017-8219
Malware in sbrugna...
EUVD-2019-13539
Malware in sbrugna...