Lucene search
K

211 matches found

CNNVD
CNNVD
added 2025/09/17 12:0 a.m.5 views

NEC UNIVERGE IX 安全漏洞

NEC UNIVERGE IX is a router from Nippon Electric NEC. A security vulnerability exists in the NEC UNIVERGE IX that originates from the ability to inject arbitrary scripts, which could lead to cross-site scripting attacks. The following products and versions are affected: NEC Corporation UNIVERGE I...

5.1CVSS5.9AI score0.00311EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in @zalastax/nolb-react-ix (npm)

The package @zalastax/nolb-react-ix was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-13704 Malicious code in @zalastax/nolb-react-ix (npm)

The package @zalastax/nolb-react-ix was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:28 a.m.9 views

CVE-2024-39290

Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book...

6.5CVSS6.8AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:46 a.m.6 views

CVE-2024-11014

Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...

4.3CVSS7.3AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.7 views

CVE-2024-45837

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files...

5.4CVSS7AI score0.00325EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:52 p.m.17 views

CVE-2020-16218

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...

3.5CVSS5AI score0.00658EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.9 views

CVE-2020-27183

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact...

9.8CVSS7.4AI score0.01347EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.7 views

CVE-2020-27179

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens...

9.8CVSS7AI score0.01277EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.8 views

CVE-2020-27180

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...

7.5CVSS6.9AI score0.01219EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:24 p.m.9 views

CVE-2020-27182

Multiple cross-site scripting XSS vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...

6.1CVSS6AI score0.00812EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/21 6:9 p.m.8 views

CVE-1999-0447

Local users can gain privileges using the debug utility in the MPE/iX operating system...

4.6CVSS7.2AI score0.00484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:39 a.m.6 views

CVE-2024-11013

Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management...

7.2CVSS7.5AI score0.0107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:22 a.m.8 views

CVE-2024-31408

OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request...

8CVSS7.6AI score0.01077EPSS
Exploits0References1
NVD
NVD
added 2024/11/29 8:15 a.m.16 views

CVE-2024-11014

Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...

4.3CVSS0.00177EPSS
Exploits0References1
NVD
NVD
added 2024/11/29 8:15 a.m.8 views

CVE-2024-11013

Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management...

7.2CVSS0.0107EPSS
Exploits0References1
CVE
CVE
added 2024/11/29 8:6 a.m.47 views

CVE-2024-11014

CVE-2024-11014 is a CSRF vulnerability affecting NEC NEC UNIVERGE IX series routers. A logged-in attacker could hijack the authentication of the device’s on-screen management interfaces by convincing a user to visit a crafted link, with affected versions ranging from 9.2 to 10.10.21, 10.8.x up to...

4.3CVSS7.3AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/29 8:6 a.m.16 views

CVE-2024-11014

Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...

4.3CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/29 8:6 a.m.9 views

CVE-2024-11014

Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...

4.3CVSS7.3AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/29 8:3 a.m.14 views

CVE-2024-11013

Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management...

7.2CVSS0.0107EPSS
Exploits0References1
Rows per page
Query Builder