24 matches found
CVE-2026-41446
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...
CVE-2026-41446
The affected product is the Snap One WattBox 800 and 820 series running firmware
CVE-2026-41446
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...
CVE-2026-41446 WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...
CVE-2026-41446 WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...
EUVD-2026-26142
Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both of which are printed in plaintext on the physical device label. Attackers with access to the devi...
Snap One Wattbox 信任管理问题漏洞
The Snap One Wattbox is a series of power solutions developed by Snap One Corporation. The Snap One WattBox 800 and 820, versions prior to 2.10.0.0, had a trust management vulnerability. This vulnerability stemmed from the inclusion of undisclosed diagnostic HTTP endpoints, which could allow...
PT-2026-29528
A non-default configuration in Sage DPW 2025 06 004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW...
Sage DPW 安全漏洞
Sage DPW is a human resources system developed by the British company Sage. Version Sage DPW 202506004 contains security vulnerabilities. These vulnerabilities stem from non-default configurations that allow unverified access to diagnostic endpoints, potentially exposing sensitive information suc...
CVE-2021-22002
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in...
CVE-2025-10695
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission = 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects...
CVE-2025-10695
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission = 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects...
CVE-2025-10695 OpenSupports 4.11.0 — SSRF via test imap and smtp endpoints
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission = 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects...
EUVD-2022-35628
Malicious code in bioql PyPI...
CVE-2022-32561
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network...
CVE-2022-32561
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network...
CVE-2022-32561
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network...
CVE-2022-32561
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network...
Input validation
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network...
CVE-2021-22002
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in...