Lucene search
K

6497 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.13 views

CVE-2026-20081

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

6.5CVSS5.8AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-20060

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

4.7CVSS5.5AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.8 views

CVE-2026-7856

A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /urlmember.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and...

8.6CVSS7.7AI score0.04589EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

10CVSS5.4AI score0.00438EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41038

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading...

8.8CVSS5.5AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-49203

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

8.3CVSS5.4AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.7 views

CVE-2026-9543

A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...

10CVSS7.4AI score0.02133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-9627

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

9CVSS8.1AI score0.00497EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-45432

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS5.5AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-46906

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS5.9AI score0.0092EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.7 views

CVE-2024-27892

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6CVSS0.00302EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 3:30 p.m.11 views

EUVD-2026-34274

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...

5.8AI score0.00547EPSS
Exploits1References5
NVD
NVD
added 2026/06/04 12:16 p.m.17 views

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS0.00388EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 12:7 p.m.10 views

CVE-2026-45432 Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 12:4 p.m.8 views

CVE-2026-45431 Command Injection Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 12:4 p.m.36 views

CVE-2026-45431 Command Injection Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS0.00388EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:4 p.m.7 views

CVE-2026-45431

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...

8.7CVSS6.5AI score0.00388EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 a.m.13 views

CVE-2026-49203

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

8.3CVSS0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.8 views

CVE-2026-35904

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...

5.8AI score0.00547EPSS
Exploits1References5
Rows per page
Query Builder