CVE-2022-23690

A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further...

EUVD-2018-7284

Malware in sbrugna...

EUVD-2018-13113

Malware in sbrugna...

EUVD-2020-6253

Malware in sbrugna...

EUVD-2025-9519

Malicious code in bioql PyPI...

EUVD-2022-26128

Malicious code in bioql PyPI...

EUVD-2023-24374

Malicious code in bioql PyPI...

PT-2025-26660 · Unknown · Blue Angel Software Suite

Name of the Vulnerable Software and Affected Versions: Blue Angel Software Suite affected versions not specified Description: An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping addr parameter in the webctrl.cgi script. The...

CVE-2025-27811

A local privilege escalation in the razerelevationservice.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service...

CVE-2023-51743

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Set Upstream Channel ID UCID parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter...

CVE-2025-4008 Arbitrary Command Injection in Smartbedded MeteoBridge

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...

TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

PT-2024-10772 · Epson +1 · Epson Products +1

Name of the Vulnerable Software and Affected Versions: Siime Eye version 14.1.00000001.3.330.0.0.3.14 Description: An issue was discovered in Siime Eye where information on all users, including passwords, can be found in cleartext in a backup file created through the web interface. An attacker...

CVE-2023-51737 Stored Cross Site Scripting Vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System IOS XE Software Web User Interface UI. The guidance now notes that Cisco has fixed these vulnerabilities for the 17.3 Cisco IOS XE software releas...

PT-2023-22707 · Milesight · Milesight 4K/H.265 Series Nvr

Name of the Vulnerable Software and Affected Versions: Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC affected versions not specified Description: This issue is due to improper authorization at the Milesight NVR web-based management...

CVE-2020-16209

A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP release 1.0.0.0 by constructing messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device...

Cisco RV110W/RV130/RV130W/RV215W Remote Command Execution and Denial of Service Vulnerability (CNVD-2021-41175)

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

bug found

NetworkEverywhere router Model NR041 latest firmware rev 1.2 Release 03 suffers a "script injection over dhcp" vulnerability. The NR041 does not filter DHCP HOSTNAME options coming from its clients. Because of that, we can inject a web script into the web based administrative interface and wait...