
50 matches found

RedhatCVE
added 2025/12/10 8:36 a.m. | 3 views

CVE-2025-41746

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev...

CVSS 7.1 | AI score 6.3 | EPSS 0.00125
Exploits: 0 | References: 1
EUVD
added 2025/12/09 6:30 p.m. | 2 views

EUVD-2025-201896

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev...

CVSS 7.1 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 2
NVD
added 2025/12/09 4:17 p.m. | 5 views

CVE-2025-41746

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev...

CVSS 7.1 | EPSS 0.00125
Exploits: 0 | References: 1
OSV
added 2025/12/09 4:17 p.m. | 2 views

CVE-2025-41746

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev...

CVSS 7.1 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 1
CVE
added 2025/12/09 8:9 a.m. | 10 views

CVE-2025-41746

CVE-2025-41746 is a reflected XSS vulnerability in pxc_portSecCfg.php (pxc_portSecCfg.php/pxc portSecCfg.php as reported) that an unauthenticated attacker could leverage to induce an authenticated user to submit a manipulated POST request to change device configuration via the web UI. The issue i...

CVSS 7.1 | AI score 5.9 | EPSS 0.00125
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/12/09 8:9 a.m. | 3 views

CVE-2025-41746 Reflected XSS vulnerability in pxc_portSecCfg.php

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev...

CVSS 7.1 | AI score 5.9 | EPSS 0.00125
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-1944

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00447
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-8140

Malware in sbrugna...

CVSS 8.2 | AI score 8.1 | EPSS 0.00198
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 8:33 a.m. | 6 views

CVE-2019-18352

Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security...

CVSS 8.2 | AI score 7.2 | EPSS 0.00198
Exploits: 0 | References: 1
CVE
added 2025/04/17 3:56 p.m. | 67 views

CVE-2025-43015

JetBrains RubyMine (prior to 2025.1) is affected by CVE-2025-43015, where the remote Interpreter overwrote ports to listen on all interfaces. The issue is documented across multiple sources (including PT-2025-17201) and indicates potential information disclosure risks. Affected product: RubyMine ...

CVSS 8.3 | AI score 7.1 | EPSS 0.00071
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2024/09/01 12:0 a.m. | 539 views

SMB Group Policy Preference Saved Passwords Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB Group Policy Preference Saved Passwords Enumeration', 'Description' = %Q This module enumerates files from target domain controllers and...

CVSS 9 | AI score 7 | EPSS 0.74632
Exploits: 3
Citrix
added 2024/07/13 12:0 a.m. | 5 views

Considerations for Connecting XenServer to the Switch Ports

This article contains information about connecting XenServer to a switch. Background Switch ports must be configured differently for a XenServer host as opposed to a standard computer. The following considerations are recommended when connecting a XenServer to a switch: If using Spanning Tree...

AI score 6.9
Exploits: 0
CNVD
added 2024/07/10 12:0 a.m. | 5 views

Siemens SIPROTEC 5 devices weak encryption vulnerability

SIPROTEC 5 devices offer a range of integrated protection, control, measurement and automation functions for substations and other applications. A weak cryptography vulnerability exists in Siemens SIPROTEC 5 devices due to affected devices supporting weak cryptography on multiple ports 443/tcp fo...

CVSS 8.2 | AI score 6.6 | EPSS 0.00105
Exploits: 0 | References: 1
CVE
added 2024/02/02 3:28 p.m. | 35 views

CVE-2024-24760

CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...

CVSS 8.8 | AI score 7 | EPSS 0.0405
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2022/11/17 12:0 a.m. | 4 views

CVE-2022-43096

Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port...

AI score 7.2 | EPSS 0.00124
Exploits: 1 | References: 2
NVD
added 2022/07/26 10:15 p.m. | 9 views

CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

CVSS 9.1 | EPSS 0.00341
Exploits: 0 | References: 2
ThreatPost
added 2022/06/08 1:36 p.m. | 36 views

Taming the Digital Asset Tsunami

Internet Protocol (IP) addresses and the devices, web services and cloud assets behind them are the lifeblood of modern businesses. But too often companies amass thousands of digital assets, creating an unmanageable mess for IT and security teams. Left unchecked, a single forgotten, abandoned or...

AI score 6.5
Exploits: 0 | References: 3
Pen Test Partners Blog
added 2020/11/18 5:7 a.m. | 66 views

OBDeleven vulnerability

OBDeleven's OBD-II dongle is an onboard diagnostics port module that connects to a mobile app over Bluetooth. It takes advantage of weaknesses in UDS secure access to unlock the vehicle ECU and enable enhanced diagnostics and some additional functionality. Some of these functions are only availabl...

AI score 7.3
Exploits: 0
NVD
added 2020/02/18 4:15 p.m. | 9 views

CVE-2019-18352

Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security...

CVSS 8.2 | AI score 8.3 | EPSS 0.00198
Exploits: 0 | References: 1
OSV
added 2020/02/18 4:15 p.m. | 2 views

CVE-2019-18352

Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security...

CVSS 8.2 | AI score 7.3
Exploits: 0 | References: 1