24 matches found

RedhatCVE
added 2026/04/02 10:53 a.m., 1 views

CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

8.8 CVSS, 5.9 AI score, 0.00053 EPSS
Exploits 0, References 1

CVE
added 2026/02/02 2:32 a.m., 10 views

CVE-2026-1740

CVE-2026-1740 affects EFM ipTIME A8004T 14.18.2; the flaw is in httpcon_check_session_url inside /cgi/timepro.cgi in the Hidden login/setup interface, enabling remote improper authentication. Exploits are public per the sources; vendor did not respond to disclosure. Mitigation noted in PT-2026-55...

9.8 CVSS, 6.7 AI score, 0.00112 EPSS
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/02/02 12:0 a.m., 3 views

PT-2026-5599

Name of the Vulnerable Software and Affected Versions EFM ipTIME A8004T version 14.18.2 Description A flaw exists in the authentication process of the EFM ipTIME A8004T router. This issue stems from improper authentication within the httpcon_check_session_url function, located in the...

7.5 CVSS, 7 AI score, 0.00112 EPSS
Exploits 0, References 10

Snyk
added 2026/01/23 8:17 p.m., 3 views

Improper Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Authorization via the backup endpoint in the setup API. An attacker can access sensitive configuration backups by sending authenticated request...

7.1 CVSS, 5.5 AI score, 0.00266 EPSS
Exploits 3, References 2

OSV
added 2026/01/07 12:17 p.m., 2 views

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...

3.3 CVSS, 5.8 AI score
Exploits 0, References 1

RedhatCVE
added 2025/08/16 9:26 a.m., 4 views

CVE-2025-48862

Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...

7.1 CVSS, 7.3 AI score, 0.00024 EPSS
Exploits 0, References 1

CVE
added 2025/08/14 9:8 a.m., 9 views

CVE-2025-48862

The CVE affects ctrlX OS (Bosch) where ambiguous wording in the web interface of the setup/backup mechanism could mislead users into thinking the backup is encrypted when a password is set. In reality, only the private key in the backup (if present) is encrypted; the backup file itself remains un...

7.1 CVSS, 7.2 AI score, 0.00024 EPSS
Exploits 0, References 1

Positive Technologies
added 2022/04/15 12:0 a.m., 3 views

PT-2022-7390

Name of the Vulnerable Software and Affected Versions Bitrix versions prior to 7.5.0 Description The issue is related to the unrestricted upload of dangerous file types in the "1C-Bitrix: Virtual Machine" VMBitrix virtual server. This can be exploited by a remote attacker to execute arbitrary cod...

10 CVSS, 7.6 AI score
Exploits 0, References 9

CNVD
added 2018/10/25 12:0 a.m., 2 views

Neato Botvac Connected Command Injection Vulnerability

The Neato Botvac Connected is a vacuuming robotic device from the American company Neato Robotics. A command injection vulnerability exists in the setup API in Neato Botvac Connected version 2.2.0. The vulnerability can be exploited to execute arbitrary commands with shell metacharacters in the n...

9.3 CVSS, 8.7 AI score, 0.04843 EPSS
Exploits 1, References 1

securityvulns
added 2011/12/26 12:0 a.m., 83 views

TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin

Trustwave's SpiderLabs Security Advisory TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt Published: 12/22/11 Version: 1.0 Vendor: phpMyAdmin http://www.phpmyadmin.net/ Product: phpMyAdmin Version affected: 3.4.8 and...

4.3 CVSS, 0.5 AI score, 0.00475 EPSS
Exploits 2

OSV
added 2011/12/22 8:55 p.m., 1 views

DEBIAN-CVE-2011-4782

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

4.3 CVSS, 8.3 AI score, 0.00475 EPSS
Exploits 2, References 1

OSV
added 2011/12/22 8:55 p.m., 3 views

CVE-2011-4782

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

5.4 AI score
Exploits 0, References 7

Cvelist
added 2011/12/22 8:0 p.m., 17 views

CVE-2011-4782

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

6.1 AI score, 0.00475 EPSS
Exploits 2, References 6

CVE
added 2011/12/22 8:0 p.m., 63 views

CVE-2011-4782

CVE-2011-4782 is a cross-site scripting (XSS) vulnerability in phpMyAdmin 3.4.x prior to 3.4.9, triggered via the host parameter in the setup interface (libraries/config/ConfigFile.class.php). The underlying issue is failure to properly escape/validate the host value, enabling remote attackers to...

4.3 CVSS, 5.9 AI score, 0.00475 EPSS
Exploits 2, References 6, Affected Software 1

Debian CVE
added 2011/12/22 8:0 p.m., 26 views

CVE-2011-4782

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

4.3 CVSS, 5.6 AI score, 0.00475 EPSS
Exploits 2

Packet Storm
added 2011/12/22 12:0 a.m., 70 views

phpMyAdmin 3.4.8 Cross Site Scripting

Trustwave's SpiderLabs Security Advisory TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt Published: 12/22/11 Version: 1.0 Vendor: phpMyAdmin http://www.phpmyadmin.net/ Product: phpMyAdmin Version affected: 3.4.8 and...

4.3 CVSS, 0.00475 EPSS
Exploits 2

FreeBSD
added 2011/12/16 12:0 a.m., 43 views

phpMyAdmin -- Multiple XSS

The phpMyAdmin development team reports: Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS...

5.9 AI score
Exploits 0, References 2

OpenVAS
added 2011/11/22 12:0 a.m., 32 views

phpMyAdmin Setup Interface Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS, 6.1 AI score, 0.00523 EPSS
Exploits 1, References 6

OSV
added 2011/11/01 7:55 p.m., 1 views

DEBIAN-CVE-2011-4064

Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

4.3 CVSS, 5.9 AI score, 0.00523 EPSS
Exploits 1, References 1

Debian CVE
added 2011/11/01 7:0 p.m., 24 views

CVE-2011-4064

Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

4.3 CVSS, 5.4 AI score, 0.00523 EPSS
Exploits 1