
137 matches found

RedhatCVE
added 2025/09/10 7:19 a.m. · 4 views

CVE-2025-41708

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission...

CVSS 7.4 · AI score 6.9 · EPSS 0.00212
Exploits: 0 · References: 1

Cvelist
added 2025/09/08 6:38 a.m. · 7 views

CVE-2025-41708 Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission...

CVSS 7.4 · EPSS 0.00212
Exploits: 0 · References: 1

CVE
added 2025/09/08 6:38 a.m. · 16 views

CVE-2025-41708

CVE-2025-41708 involves cleartext transmission due to an insecure default configuration that uses HTTP for the web interface. An unauthenticated attacker on the same network could learn sensitive data during transmission. Connected documents reference affected products (e.g., Bender devices) but ...

CVSS 7.4 · AI score 6.4 · EPSS 0.00212
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/08 12:00 a.m. · 3 views

PT-2025-36445

Name of the Vulnerable Software and Affected Versions: Bender Charge Controller product families including CC612, CC613, ICC13xx, ICC15xx, ICC16xx Description: The web interface uses HTTP instead of HTTPS due to an insecure default configuration. An unauthenticated attacker on the same network...

CVSS 7.4 · AI score 6.2 · EPSS 0.00212
Exploits: 0 · References: 7

RedhatCVE
added 2025/05/23 5:19 a.m. · 4 views

CVE-2023-3348

The Wrangler command line tool [email protected] or [email protected] was affected by a directory traversal vulnerability when running a local development server for Pages wrangler pages dev command. This vulnerability enabled an attacker in the same network as the victim to connect to the local...

CVSS 5.7 · AI score 6.8 · EPSS 0.00701
Exploits: 0 · References: 1

OSV
added 2025/04/29 3:15 a.m. · 2 views

CVE-2025-24271

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it...

CVSS 5.4 · AI score 5.9 · EPSS 0.0041
Exploits: 0 · References: 7

RedhatCVE
added 2025/02/05 8:13 a.m. · 3 views

CVE-2024-29822

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

CVSS 9.6 · AI score 10 · EPSS 0.6439
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 8:02 a.m. · 3 views

CVE-2024-29830

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code...

CVSS 8.4 · AI score 8.9 · EPSS 0.08484
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/18 12:00 a.m. · 5 views

PT-2024-12860 · Philips · Philips Vue Pacs

Name of the Vulnerable Software and Affected Versions: Philips Vue PACS affected versions not specified Description: A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information...

CVSS 8.2 · AI score 6.4
Exploits: 0 · References: 7

Positive Technologies
added 2024/06/17 12:00 a.m. · 7 views

PT-2024-27702 · Xiaomi · Redmi Router Rb03

Name of the Vulnerable Software and Affected Versions: Redmi router RB03 version 1.0.57 Description: The issue allows an attacker in the same WLAN as the victim to hijack traffic between the victim and any remote server by sending forged ICMP redirect messages. This can be exploited by an attacke...

CVSS 4.1 · AI score 7.2 · EPSS 0.0028
Exploits: 1 · References: 3

CNNVD
added 2024/06/14 12:00 a.m. · 4 views

Rockwell Automation GuardLogix and CompactLogix Security Vulnerabilities

Rockwell Automation GuardLogix and Rockwell Automation CompactLogix are both series of controllers from Rockwell Automation, Inc. A security vulnerability exists in several Rockwell Automation products. An attacker has exploited the vulnerability to cause a major unrecoverable failure of all...

CVSS 8.3 · AI score 6.7 · EPSS 0.00311
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/31 5:38 p.m. · 45 views

CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

CVSS 9.6 · AI score 9.9 · EPSS 0.99951
Exploits: 5 · References: 1

CNNVD
added 2024/05/31 12:00 a.m. · 2 views

Ivanti EPM Security Vulnerability

Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. A security vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which stems from the presence of SQL injection that allows an authenticated attacker within the same network to execute...

CVSS 8.4 · AI score 8.1 · EPSS 0.08484
Exploits: 0 · References: 3

CNNVD
added 2024/05/02 12:00 a.m. · 3 views

DELL ECS Connection Manager Security Vulnerability

DELL ECS Connection Manager is a software from Dell USA for managing enterprise cloud storage. A security vulnerability exists in DELL ECS Connection Manager that originates from allowing an unauthenticated attacker to access computers on the same network in an HA or cluster group via an IP...

CVSS 7.5 · AI score 6.5 · EPSS 0.00379
Exploits: 0 · References: 3

CNNVD
added 2024/02/27 12:00 a.m. · 3 views

AnythingLLM Code Issue Vulnerability

AnythingLLM is a document chatbot that meets business requirements. A code issue vulnerability exists in AnythingLLM. An attacker could use this vulnerability to escalate privileges to brute force the IPs of other services located on the same network as AnythingLLM...

CVSS 7.7 · AI score 7.1 · EPSS 0.00974
Exploits: 1 · References: 3

Prion
added 2023/09/27 3:18 p.m. · 22 views

Authorization

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information...

CVSS 5.8 · AI score 9.1 · EPSS 0.00335
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/09/26 1:35 p.m. · 31 views

CVE-2023-28055

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information...

CVSS 8.8 · AI score 9.5 · EPSS 0.00335
Exploits: 0 · References: 1

Citrix
added 2023/09/04 12:00 a.m. · 5 views

Noticing exceptionally high current client connections for a single server within the service group

Go check Load Balance Virtual Server's Statistics data, under the Bound Service Group Members Summary tab, you've observed that the Current client connection count of specific server is significantly higher than the other servers within the same service group. In NS shell mode, "nsconmsg ConLb=2...

AI score 7.3
Exploits: 0

OSV
added 2023/06/28 5:15 p.m. · 1 view

CVE-2023-2625

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...

CVSS 8 · AI score 5.8 · EPSS 0.00423
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/28 12:00 a.m. · 3 views

PT-2023-20563 · Coretec 4 · Coretec 4

Name of the Vulnerable Software and Affected Versions: CoreTec 4 affected versions not specified Description: A vulnerability exists that can be exploited by an authenticated client connected to the same network segment as the system, with any level of access from VIEWER to ADMIN. The attacker ca...

CVSS 9 · AI score 7.7 · EPSS 0.00423
Exploits: 0 · References: 3