CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2026/02/28 1:55 a.m.•7 views

CVE-2026-25109

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route...

8.8CVSS6.5AI score0.01518EPSS

Exploits0References1

EUVD•added 2026/02/27 3:30 a.m.•5 views

EUVD-2026-8955

8CVSS6.5AI score0.01518EPSS

Exploits0References4

OSV•added 2026/02/27 1:16 a.m.•3 views

CVE-2026-25109

8.8CVSS6.5AI score0.01518EPSS

Exploits0References3

Cvelist•added 2026/02/27 12:48 a.m.•22 views

CVE-2026-25109 Copeland XWEB and XWEB Pro OS Command Injection

8CVSS0.01518EPSS

Exploits0References3

CVE•added 2026/02/27 12:48 a.m.•10 views

CVE-2026-25109

CVE-2026-25109 affects XWEB Pro prior to 1.12.1. The vulnerability is an OS command injection in the devices field on the /get setup route, exploitable by an authenticated attacker to achieve remote code execution. Public sources (NVD, Red Hat, EUVD) confirm the impact and vulnerable version rang...

8.8CVSS6.5AI score0.01518EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/02/27 12:48 a.m.•3 views

CVE-2026-25109

8.8CVSS6.5AI score0.01518EPSS

Exploits0References4

Positive Technologies•added 2026/02/27 12:0 a.m.•7 views

PT-2026-22260

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is possible by injecting malicious input into the devices field when accessing the /get setup API endpoint...

8.8CVSS6.3AI score0.01518EPSS

Exploits0References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by