Lucene search
+L

27 matches found

Vulnrichment
Vulnrichment
added 2025/12/04 9:10 p.m.4 views

CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...

7.4CVSS6.5AI score0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/04 9:10 p.m.23 views

CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...

7.4CVSS0.00299EPSS
Exploits0References2
CVE
CVE
added 2025/12/04 9:10 p.m.18 views

CVE-2025-66238

CVE-2025-66238 affects Sunbird DCIM dcTrack. An authenticated user with access to the appliance’s virtual console can misuse remote access features to redirect network traffic, potentially accessing restricted services or data on the host. The Red Hat/NVD/CISA entries corroborate a high-severity ...

7.4CVSS6.5AI score0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/04 9:2 p.m.27 views

CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

8.4CVSS0.00117EPSS
Exploits0References2
CISA
CISA
added 2025/12/04 12:0 p.m.7 views

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-338-01 Mitsubishi Electric GX Works2 ICSA-25-338-02 MAXHUB Pivot ICSA-25-338-03 Johnson Controls OpenBlue...

6.6AI score
Exploits0References9
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.5 views

Sunbird DCIM dcTrack 信任管理问题漏洞

Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM, Inc. A trust management issue vulnerability exists in Sunbird DCIM dcTrack that stems from the use of default and hard-coded credentials, which could lead to database management or system command execution...

8.4CVSS6.9AI score0.00117EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.8 views

CVE-2024-37776

A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

4.8CVSS5.8AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.9 views

CVE-2024-37774

A Cross-Site Request Forgery CSRF in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...

8CVSS7AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.7 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

4.8CVSS7AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 10:15 p.m.20 views

CVE-2024-37775

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check...

7.5CVSS0.00461EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 10:15 p.m.10 views

CVE-2024-37774

A Cross-Site Request Forgery CSRF in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...

8CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 10:15 p.m.14 views

CVE-2024-37776

A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

4.8CVSS0.00295EPSS
Exploits0References1
NVD
NVD
added 2024/12/16 10:15 p.m.11 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

4.8CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/16 12:0 a.m.9 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

7.2AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.4 views

Sunbird DCIM dcTrack 安全漏洞

Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM. A security vulnerability exists in Sunbird DCIM dcTrack version v9.1.2 that stems from the presence of cross-site request forgery CSRF, which allows an authenticated attacker to elevate the privileges of an...

8CVSS6.5AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2024/12/16 12:0 a.m.54 views

CVE-2024-37775

Sunbird DCIM dcTrack 9.1.2 contains an access-control flaw that allows an attacker to create or update a ticket with a location while bypassing RBAC checks. The issue is documented across multiple sources (Red Hat and NVD/CNNVD entries) with the same vulnerability description: faulty access contr...

7.5CVSS7AI score0.00461EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/12/16 12:0 a.m.16 views

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 12:0 a.m.20 views

CVE-2024-37774

A Cross-Site Request Forgery CSRF in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens...

0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 12:0 a.m.25 views

CVE-2024-37775

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check...

0.00461EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/16 12:0 a.m.15 views

CVE-2024-37776

A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

0.00295EPSS
Exploits0References1
Rows per page
Query Builder