6553 matches found
FOGProject <= 1.5.10.1673 - Authentication Bypass
FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database informatio...
Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...
Tattile Camera < 1.181.5 - Default Login
Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...
Cisco VPN Routers - Unauthenticated Arbitrary File Upload
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...
FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...
EUVD-2026-44845
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...
CVE-2026-30618
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...
CVE-2026-11851
Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...
EUVD-2026-44584
Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...
PT-2026-60311
Name of the Vulnerable Software and Affected Versions xszyou Fay version 4.3.1 Description Remote code execution is possible via the MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface to configure an MCP STDIO...
RLSA-2026:36211 Moderate: freeipmi security update
The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client CVE-2026-50031 For more details about the...
freeipmi: buffer overflows on response messages via ipmi-oem
A flaw was found in FreeIPMI. The ipmi-oem program is used to send Intelligent Platform Management Interface IPMI OEM commands for specific hardware vendors to retrieve specific information from the hardware. A malicious server can reply with crafted response messages and cause buffer overflows...
Linux Distros Unpatched Vulnerability : CVE-2026-57214
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML...
CVE-2026-57212
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...
CVE-2026-57214
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...
UBUNTU-CVE-2026-57214
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...
UBUNTU-CVE-2026-57212
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...
CVE-2026-57214 RabbitMQ: Stored XSS in RabbitMQ management UI
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...
CVE-2026-57214
This CVE affects RabbitMQ’s management UI prior to version 4.2.5. The vulnerability arises when the management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, enabling stored cross-site scripting ...
CVE-2026-57211
CVE-2026-57211 affects RabbitMQ on Windows where the management plugin’s static file handler (rabbit_mgmt_wm_static) can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation when multiple management extension plugins are enabled. This leads to outbound DNS and SMB...