CVE-2026-5214

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

EUVD-2012-0751

Malware in sbrugna...

EUVD-2017-15071

Malware in sbrugna...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

CVE-2025-59345

CVE-2025-59345 affects Dragonfly (open source P2P file distribution/image acceleration). Before version 2.1.0, the Manager web UI endpoints /api/v1/jobs and /preheats were accessible without authentication, allowing any user with network access to create, delete, and modify jobs and to create pre...

PT-2025-38253

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description The /api/v1/jobs and /preheats endpoints in the Manager web UI are accessible without authentication. An unauthenticated adversary with network access to a Manager web UI can create, delete, and...

Dragonfly doesn't have authentication enabled for some Manager’s endpoints

The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs endpoi...

CVE-2021-42369

Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...

Cross-site Scripting (XSS)

com.liferay:com.liferay.marketplace.app.manager.web is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to failure to properly escape user-supplied input in the Marketplace App Manager Web module, allowing injection of JavaScript by unauthenticat...

CVE-2023-20261

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...

Information Disclosure

org.apache.inlong: manager-web is vulnerable to Information Disclosure. The vulnerability is due to the list and getByName functions in UserController.java lacking Role-Based Access Control. This allows any authenticated user to access data that meant for admin regardless of their role...

Can't view license usage on Studio - Error "Citrix license server unavailable"

Can't view license usage on Studio - "Citrix License server unavailable." When accessing the License Manager web console, error Unsupported Protocol with the message "The client and server don't support a common ssl protocol version or cipher suite" appears...

Path Traversal - Archiving Files to Zip

Description The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...

CVE-2021-35218 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server...