18 matches found
EUVD-2026-14417
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing administrative endpoints. A remote attacker can induce an authenticated administrator to submit crafted requests that modify device settings, including security-relevant...
CVE-2025-12866
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing an unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
CVE-2025-12867
EIP Plus developed by Hundred Plus has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12867
EIP Plus developed by Hundred Plus has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12866
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing an unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
CVE-2025-12867 Hundred Plus|EIP Plus - Arbitrary File Upload
EIP Plus developed by Hundred Plus has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12867 Hundred Plus|EIP Plus - Arbitrary File Upload
EIP Plus developed by Hundred Plus has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12867
The CVE-2025-12867 entry concerns Hundred Plus EIP Plus. The connected documents substantiate an Arbitrary File Upload vulnerability in EIP Plus that could allow privileged remote attackers to upload and execute a web shell, resulting in arbitrary code execution on the server. Affected product is...
CVE-2025-12866 Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing an unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
CVE-2025-12866
CVE-2025-12866 affects Hundred Plus EIP Plus (enterprise management software). The root cause is a Weak Password Recovery Mechanism that allows an unauthenticated remote attacker to predict or brute-force the password reset link, enabling password resets for any user. Consequences include potenti...
CVE-2025-12866 Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing an unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
Hundred Plus EIP Plus Authorization Issue Vulnerability
Hundred Plus EIP Plus is enterprise management software from Hundred Plus Ares Taiwan, China. Hundred Plus EIP Plus suffers from an authorization issue vulnerability that stems from a weak password recovery mechanism, which could allow an unauthenticated, remote attacker to predictably or...
Hundred Plus EIP Plus Code Issue Vulnerability
Hundred Plus EIP Plus is enterprise management software from Hundred Plus Ares Hundred Plus of Taiwan, China. Hundred Plus EIP Plus suffers from a code issue vulnerability that originates from allowing a privileged remote attacker to upload and execute a web backdoor that could lead to the...
PT-2025-45593
Name of the Vulnerable Software and Affected Versions: Hundred Plus EIP Plus (affected versions not specified). Description: A flaw exists in Hundred Plus EIP Plus that allows remote attackers with elevated privileges to upload and execute web shell backdoors. Successful exploitation could lead to...
Hundred Plus 101EIP system cross-site scripting vulnerability
The Hundred Plus 101EIP system is a cloud-based office platform from Taiwan's Hundred Plus Corporation, built on the experience of many enterprises. A cross-site scripting vulnerability exists in the Hundred Plus 101EIP system, which originates from the system adding a bulletin...
CVE-2021-32540 Hundred Plus 101EIP - Stored XSS-2
The add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack...
Hundred Plus 101EIP System Cross-Site Scripting Vulnerability
The Hundred Plus 101EIP system is a cloud-based office platform from Taiwan's Hundred Plus Corporation, built on the experience of many enterprises. A cross-site scripting vulnerability exists in the Hundred Plus 101EIP system, which originates from the system adding a bulletin...
Hundred Plus 101EIP Cross-Site Scripting Vulnerability
The Hundred Plus 101EIP system is a cloud-based office platform from Taiwan-based Hundred Plus Corporation that has been optimized by gathering the experience of many enterprises. 101EIP suffers from a cross-site scripting vulnerability that stems from the calendar add event feature...