40 matches found
Astra Linux - vulnerability in Zabbix
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
EUVD-2026-11713
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...
CVE-2026-25819
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...
CVE-2026-25819
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...
EUVD-2021-12918
Malware in sbrugna...
EUVD-2018-1240
Malware in sbrugna...
EUVD-2024-42217
Malicious code in bioql PyPI...
CVE-2025-45424
Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...
CVE-2024-46666
An allocation of resources without limits or throttling CWE-770 vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests...
No Secondary Node GUI Access, Intermittent issue due to /var over 100% Full
The graphical user interface GUI on the secondary system becomes unresponsive or inaccessible when the /var directory exceeds 100% disk utilization. This is primarily attributed to the /var/log/db/default/lbvserver folder occupying a high amount of storage space. Despite manual removal of files...
CVE-2024-55570
CVE-2024-55570 affects Cubro EXA48200 network packet broker UI: /api/user/users allows remote authenticated users to elevate privileges by sending a single HTTP PUT with rolename=Administrator (improper access control). Affected build: 20231025055018; fixed in V5.0R14.5P4-V3.3R1. CVSS 3.1 base sc...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
Unspecified Vulnerability in Fortinet FortiOS (CNVD-2025-02529)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. Fortinet FortiOS has a security...
CVE-2024-46666
An allocation of resources without limits or throttling CWE-770 vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests...
CVE-2024-46666
An allocation of resources without limits or throttling CWE-770 vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests...
CVE-2024-46666
CVE-2024-46666 affects FortiOS (various 7.x and 6.4) with a CWE-770 resource allocation issue that can allow a remote unauthenticated attacker to block GUI access via crafted requests to specific endpoints. The CVSSv3.1 base score is 5.3 (Medium), with network attack vector and no user interacti...
PT-2025-2746 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4 through 7.6.0 Description: An allocation of resources without limits or throttling vulnerability may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific...
CVE-2024-36467
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
NetScaler MPX/SDX: LOM GUI is not accessible.
Unable to access the GUI of configured LOM IP. CLI access to LOM IP works but does not behave as expected...