CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

CVE-2023-45795

The provided CVE describes a cross-site scripting (XSS) vulnerability in the Builder Component of Pilz PASvisu before version 1.14.1. The issue allows a local unauthenticated attacker to inject malicious JavaScript and gain full control over the device. Concrete exploitation details are not provi...

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

CVE-2026-9151

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

PT-2026-48516

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

Garmin WDU 安全漏洞

Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic equipment. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from the ability to allow cross-source WebSocket...

PT-2026-38434

Name of the Vulnerable Software and Affected Versions Optoma CinemaX P2 version TVOS-04.24.010.04.01 Description The device exposes Android Debug Bridge ADB on TCP port 5555 over the network without authentication. It is configured with the variable ro.adb.secure set to 0, which disables RSA key...

CVE-2026-30495

The CVE-2026-30495 entry concerns the Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0). Technical details in the connected documents show an exploitable condition where ADB is exposed over TCP port 5555 without authentication (ro.adb.secure=0) and a functional /system/xb...

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

CVE-2026-42363

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

PT-2026-35277

Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leakage of administrator credentials. When the utility sends privileged commands to devices over UDP...

SenseLive X3050 访问控制错误漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability, which stems from the lack of authentication or authorization in the embedded management services. This...

Anviz Multiple Products

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or...

EUVD-2026-21203

A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...

CVE-2025-15607 Authenticated Command Injection in mcsd Service of TP-Link Archer AX53

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...

CVE-2025-15607

The CVE-2025-15607 issue affects TP-Link Archer AX53 v1 in the mscd (debug) component. The root cause is insufficient input handling in the mscd debug functionality, enabling command injection where log redirection to arbitrary files and concatenation of unvalidated file content into shell comman...

PT-2026-26630

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...

CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...