1437 matches found
CVE-2025-15051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting in the Web UI, allowing embedded JavaScript to alter functionality. The connected IBM security bulletin specifies CVE-2025-15051, with CWE-79, CVSS 3.1 base score 5.4 (UI: REQUIRED, AV:N, AC:L, PR:L; C/L/I...
EUVD-2026-12685
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...
CVE-2026-30695
The CVE-2026-30695 entry concerns a Cross-Site Scripting (XSS) vulnerability in the web-based configuration interface of Zucchetti Axess access control devices (models XA4, X3/X3BIO, X4, X7, XIO / i-door / i-door+). The issue is caused by improper sanitization of user-supplied input in the dirBro...
CVE-2026-0835
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alterin...
CVE-2026-32106
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...
CVE-2026-3943
CVE-2026-3943 affects H3C ACG1000-AK230. The vulnerability is a remote command-injection in an unknown part of /webui/?aaa_portal_auth_local_submit caused by manipulation of the argument suffix. Exploitation is possible without authentication and can be executed remotely; exploit details are publ...
ROS-20260310-73-0013
A vulnerability in the user interface UI of the Google Chrome browser is related to the lack of a user warning about unsafe actions. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...
CVE-2025-70225
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component...
EUVD-2026-9444
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...
CVE-2026-20079
A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...
PT-2026-23106
Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.12.0 Description ZITADEL, an open source identity management platform, had a flaw in its login V2 UI. This allowed users to circumvent login behavior and security policies, enabling self-registration of new...
CVE-2026-3343
A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...
CVE-2026-20091
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of...
Security Bulletin: NVIDIA Cumulus Linux and NVOS - February 2026
NVIDIA has released an update for Cumulus Linux and NVOS to address the security issues that might lead to impacts described in this bulletin. To protect your system, download and install the latest NVIDIA components from the links provided in this document. Go to NVIDIA Product Security. Details...
PT-2026-21799
Name of the Vulnerable Software and Affected Versions InSAT MasterSCADA BUK-TS affected versions not specified Description The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...
PT-2026-21800
Name of the Vulnerable Software and Affected Versions InSAT MasterSCADA BUK-TS affected versions not specified Description The software is susceptible to OS command injection through a field in its MMadmServ web interface. This allows attackers to potentially execute remote code. The vulnerabilit...
CVE-2026-27513 Tenda F3 CSRF in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...
PT-2026-21531
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...
Yokogawa Electric Corporation Vnet/IP Interface 安全漏洞
Yokogawa Electric Corporation Vnet/IP Interface is a real-time control network interface of Yokogawa Electric Corporation. Versions of Yokogawa Electric Corporation Vnet/IP Interface prior to R1.07.00 contained a security vulnerability. This vulnerability stemmed from the handling of malicious da...
Vulnerability fixed in Cisco Meeting Management
Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...