Lucene search
K

18 matches found

NVD
NVD
added 2026/06/25 2:16 p.m.7 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.3 views

EUVD-2026-39386

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

2.7CVSS5.8AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.27 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 3:16 a.m.7 views

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

7.2CVSS0.01157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 2:6 a.m.4 views

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

7.2CVSS5.5AI score0.01157EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/02/08 8:32 a.m.9 views

EUVD-2026-5805

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

8.6CVSS6.7AI score0.04317EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-29231

A stored cross-site scripting XSS vulnerability in the pagesave component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters...

6.1CVSS5.6AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 6:31 p.m.4 views

EUVD-2025-203802

A stored cross-site scripting XSS vulnerability in the pagesave component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters...

6.1CVSS5.1AI score0.00155EPSS
Exploits0References3
CVE
CVE
added 2025/12/16 12:0 a.m.9 views

CVE-2025-29231

The CVE-2025-29231 entry describes a stored XSS vulnerability in the Linksys E5600, specifically in the page_save component of firmware version V1.1.0.26. The issue allows an attacker to execute arbitrary scripts via crafted input in the hostname and domainName parameters. According to the publis...

6.1CVSS5.2AI score0.00155EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/16 12:0 a.m.2 views

CVE-2025-29231

A stored cross-site scripting XSS vulnerability in the pagesave component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters...

5.2AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.6 views

PT-2025-51737

Name of the Vulnerable Software and Affected Versions Linksys E5600 version V1.1.0.26 Description A stored cross-site scripting XSS issue exists in the page save component of the Linksys E5600. An attacker can inject a crafted payload into the hostname and domainName parameters, potentially leadi...

6.1CVSS5.7AI score0.00155EPSS
Exploits0References4
OSV
OSV
added 2023/10/13 1:15 p.m.4 views

CVE-2023-45465

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings...

9.8CVSS5.8AI score0.01842EPSS
Exploits1References1
OSV
OSV
added 2023/03/13 2:15 p.m.5 views

CVE-2023-27063

Tenda V15V1.0 V15.11.0.14152131901058 was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

9.8CVSS7.7AI score0.0102EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.4 views

Tenda W15E 安全漏洞

Tenda W15E is a wireless router from Tenda China. A security vulnerability exists in the Tenda W15E V1.0 V15.11.0.14 152131901058 version, which originates from the discovery of a contain you buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function...

9.8CVSS8.7AI score0.0102EPSS
Exploits1References2
CNVD
CNVD
added 2017/08/25 12:0 a.m.2 views

Synology DNS Server Directory Traversal Vulnerability

Synology DNS Server is a DNS server solution from Synology. A directory traversal vulnerability exists in SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server versions prior to 2.2.1-3042. A remote attacker can exploit the vulnerability to write arbitrary files with the help of the...

6.5CVSS6.7AI score0.01989EPSS
Exploits0References1
OSV
OSV
added 2017/08/24 6:29 p.m.4 views

CVE-2017-12074

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domainname parameter...

6.5CVSS5.9AI score0.01989EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/14 12:0 a.m.6 views

Kemp Virtual LoadMaster /progs/geoctrl/doadd fqdn stored cross-site scripting vulnerability

Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster /progs/geoctrl/doadd handles the fqdn parameter cross-site scripting vulnerability, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...

6.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/01/21 12:0 a.m.8 views

PT-2015-5024 · D Link · D-Link Dsl-2730B

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2730B router rev C1 with firmware GE 1.01 Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via several parameters, including the domainname parameter to "dnsProxy.cmd" DNS Proxy...

3.5CVSS6.3AI score0.02829EPSS
Exploits1References8
Rows per page
Query Builder