CVE-2026-8271 D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgispeed/cgidhcpdlease/cgiddns/cgisetip/cgiupnpdel/cgidhcpd/cgiupnpadd/cgiupnpedit of the file /cgi-bin/networkmgr.cgi. The manipulation leads to os command injection. The attack is possible to be carri...

Ricoh Web Image Monitor 输入验证错误漏洞

Ricoh Web Image Monitor is a network management interface for multifunctional printing devices from the Japanese company Ricoh. It provides remote monitoring and configuration capabilities. Ricoh Web Image Monitor has a vulnerability related to input validation, which stems from open redirection...

CVE-2025-56015

CVE-2025-56015 affects GenieACS 1.2.13, with an unauthenticated access vulnerability in the NBI API endpoint. The connected sources describe a proof‑of‑concept exploit enabling sandbox escape and arbitrary code execution (RCE) via the NBI API, potentially leading to full server compromise. Exploi...

CVE-2017-20238

Hirschmann Industrial HiVision (versions 06.0.00 and 07.0.00 before 06.0.06 and 07.0.01) contains an improper authorization vulnerability that lets read-only users gain write access to managed devices by bypassing access controls. The issue affects multiple interfaces, including the web UI and SN...

CVE-2026-5215

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function...

CVE-2025-37155

CVE-2025-37155 describes an improper access-control flaw in the SSH restricted shell interface of network management services. The vulnerability could allow an attacker with authenticated read-only privileges to escalate to administrator access on affected systems. Documented in multiple sources,...

CVE-2025-20214

A vulnerability in the Network Configuration Access Control Module NACM of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior caus...

CVE-2025-20214

CVE-2025-20214 affects Cisco IOS XE Software NACM. A subtle change in inner API call behavior can cause NACM-filtered results to be returned, enabling an authenticated remote attacker to read configuration or operational data via NETCONF, RESTCONF, or gNMI. The attack requires the attacker to hol...

CVE-2023-24512

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...

Arista Networks Arista EOS 安全漏洞

Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...