14 matches found
CVE-2026-20103
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition to n...
EUVD-2023-35241
Malicious code in bioql PyPI...
EUVD-2024-46759
Malicious code in bioql PyPI...
CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...
CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...
CVE-2024-37038
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests...
CVE-2024-37037
CVE-2024-37037 concerns a path traversal vulnerability in Schneider Electric Sage RTU devices. The authenticated attacker, with access to the device web interface, can exploit an improper limitation of a pathname to a restricted directory via a crafted HTTP request to corrupt files and impact dev...
CVE-2023-39678
A cross-site scripting (XSS) vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
CVE-2023-39678
A cross-site scripting (XSS) vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
CVE-2023-39678
A cross-site scripting (XSS) vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
Zoho ManageEngine Command Injection (CVE-2021-43319)
A command injection vulnerability exists in ManageEngine Network Configuration Manager. This vulnerability is due to insufficient validation in the ipaddress field of the ping functionality in add device web interface...
McAfee Network Data Loss Prevention Information Disclosure Vulnerability (CNVD-2017-07615)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) 9.3.x suffers from an information disclosure vulnerability in the server implementation, which can be exploited by a remote attacker to view user information via the device web...
AXIS (Multiple Products) - Cross-Site Request Forgery
0RWELLL4BS security advisory olsa-CVE-2015-8255 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: Cross-Site Request Forgery - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Session Management control CWE-352 - CVE Name: CVE-2015-8255 - Affecte...