13 matches found
CVE-2026-33583
Summary of CVE-2026-33583: The Arqit Symmetric Key Agreement Platform exposes the QKEY (used in OTA-Quantum device registration) and internal system keys via an unauthenticated and unencrypted HTTP GET request. This vulnerability affects the platform version prior to 26.03 and is characterized b...
CVE-2026-39848 Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...
CVE-2025-13658 Industrial Video & Control Longwatch has a Code Injection vulnerability
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...
EUVD-2024-2481
Malicious code in bioql PyPI...
CVE-2024-47902
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not authenticate GET requests...
Siemens InterMesh 7177 and Siemens InterMesh 7707 Access Control Error Vulnerability
InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices due to a web server in the affected devices that does not authenticate a GET request that executes a specifi...
CVE-2024-23766
An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway or at least most of its modules. An attacker can use this feature to carry out a denial of...
CVE-2024-23766
CVE-2024-23766 affects HMS Anybus X-Gateway AB7832-F (3 devices) where an unauthenticated GET request to a specific URL on port 80 can reboot the gateway or many modules, enabling DoS via repeated requests. Documented impact is availability loss (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; bas...
CVE-2021-41553
In ARCHIBUS Web Central 21.3.3.815 (2014), the Web Application at /archibus/login.axvw assigns a session token that can already be in use by another user. After login, the app does not issue a new token, continuing to use the inserted token as the session identifier. It is also possible to set th...
Cross-site request forgery (CSRF)
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request...
Cross-site request forgery (CSRF)
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...
CVE-2019-20487
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request exploitable directly or through CSRF, as demonstrated by the setup.cgi?todo=savehtpaccount URI...
CVE-2017-9675
CVE-2017-9675 affects the D-Link DIR-605L routers with firmware versions prior to 2.08UIBetaB01.bin. The flaw allows an unauthenticated HTTP GET request to trigger a reboot, resulting in a denial of service. Reports and references (including exploit-db) describe a vulnerability in the HTTP GET ha...