Lucene search
K

515 matches found

NVD
NVD
added 2026/02/07 12:15 a.m.5 views

CVE-2020-37146

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /configbackup.bin endpoint, exposing credentia...

8.7CVSS0.00414EPSS
Exploits0References4
OSV
OSV
added 2026/02/06 10:52 p.m.9 views

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

9.8CVSS5.5AI score0.00364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.9 views

PT-2026-6622

Name of the Vulnerable Software and Affected Versions Tanium Patch affected versions not specified Description Tanium Patch has an issue with incorrect default permissions. This could potentially allow unauthorized access or modification of system settings. There is no information available...

6.5CVSS5.4AI score0.00312EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:18 a.m.5 views

CVE-2021-0338

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

5.5CVSS6.6AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.8 views

CVE-2019-16531

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php...

8.8CVSS6.9AI score0.02549EPSS
Exploits5References1
NVD
NVD
added 2025/12/24 8:15 p.m.18 views

CVE-2019-25238

V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated...

5.1CVSS0.00145EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.54 views

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

8.7CVSS0.0035EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:27 p.m.36 views

CVE-2019-25238

The provided connected documents confirm CVE-2019-25238 concerns V-SOL GPON/EPON OLT Platform 2.03 and describe a cross-site request forgery (CSRF) vulnerability. Exploitation involves convincing authenticated administrators to load a malicious page, enabling attackers to perform actions such as ...

5.1CVSS6.3AI score0.00145EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.3 views

CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

6.5CVSS5.8AI score0.00194EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.30 views

CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

6.5CVSS0.00194EPSS
Exploits2References3
CVE
CVE
added 2025/12/24 7:27 p.m.17 views

CVE-2018-25149

CVE-2018-25149 affects Microhard Systems IPn4G 1.1.0. The vulnerability is a cross-site request forgery (CSRF) in the device’s web interface that allows an attacker to induce administrative actions without user consent by tricking an authenticated user into loading a malicious page. Documented im...

6.5CVSS6.3AI score0.00194EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.20 views

PT-2025-53343

Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise version 7.7.4 Description The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves...

8.7CVSS7.3AI score0.0035EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.17 views

PT-2025-53369

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

5.1CVSS6.7AI score0.00194EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.9 views

PT-2025-50516

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

8.7CVSS6.8AI score0.00642EPSS
Exploits1References6
NVD
NVD
added 2025/12/09 9:15 p.m.8 views

CVE-2021-47702

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

5.3CVSS0.00165EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/09 8:35 p.m.2 views

CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

5.3CVSS6.5AI score0.00165EPSS
Exploits2References4
CVE
CVE
added 2025/12/09 8:35 p.m.14 views

CVE-2021-47702

OpenBMCS 2.4 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. This can enable malicious requests to trigger tasks such as sending emails or altering system settings...

5.3CVSS6.5AI score0.00165EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2025/12/04 8:42 p.m.16 views

CVE-2024-58277

CVE-2024-58277 affects the R Radio Network FM Transmitter v1.07, where an unauthenticated actor can access the admin password via the system.cgi endpoint, enabling authentication bypass and FM station setup access. Public sources (Zero Science Lab) describe an improper access control allowing dis...

8.7CVSS7AI score0.0039EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.6 views

PT-2025-47499

Name of the Vulnerable Software and Affected Versions ELCA Star Transmitter Remote Control firmware version 1.25 Description The ELCA Star Transmitter Remote Control firmware version 1.25 has an issue that allows unauthenticated attackers to retrieve admin credentials and system settings. This is...

7.5CVSS6.9AI score0.00364EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/19 12:0 a.m.2 views

CVE-2025-63223

The Axel Technology StreamerMAX MK II devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

6.7AI score0.00698EPSS
Exploits1References2
Rows per page
Query Builder