Lucene search
K

231 matches found

NVD
NVD
added 2026/04/03 10:16 p.m.4 views

CVE-2016-15058

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...

8.6CVSS0.00213EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/03 9:59 p.m.2 views

CVE-2016-15058 Hirschmann HiLCOS Classic Platform Password Exposure via SNMP

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is...

8.6CVSS5.9AI score0.00213EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/03 9:37 p.m.6 views

Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity

Summary According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...

9.4CVSS6AI score0.00418EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/27 11:25 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.3 views

PT-2026-31980

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description The software contains a privilege escalation issue in gateway-authenticated plugin HTTP routes. The issue incorrectly assigns operator.admin runtime scope, bypassing caller-granted scopes. This...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References10
ICS
ICS
added 2026/03/19 5:0 a.m.6 views

IGL-Technologies eParking.fi

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

5.9AI score
Exploits0References11
ICS
ICS
added 2026/03/19 5:0 a.m.9 views

CTEK Chargeportal

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

5.9AI score
Exploits0References11
Cvelist
Cvelist
added 2026/03/17 9:42 p.m.24 views

CVE-2026-32839 Edimax GS-5008PL <= 1.00.54 CSRF via Management CGI Endpoints

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

5.1CVSS0.00208EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 9:42 p.m.3 views

CVE-2026-32839

Edimax GS-5008PL firmware version 1.00.54 and prior contain a cross-site request forgery vulnerability that allows remote attackers to perform unauthorized administrative actions by inducing logged-in administrators to visit malicious pages. Attackers can exploit the lack of anti-CSRF tokens and...

5.1CVSS5.8AI score0.00208EPSS
Exploits0References4
CVE
CVE
added 2026/03/17 9:42 p.m.15 views

CVE-2026-32839

Edimax GS-5008PL firmware 1.00.54 and earlier is impacted by a cross-site request forgery (CSRF) vulnerability. The issue stems from lack of anti-CSRF tokens and insufficient request validation, enabling remote attackers to coerce logged-in administrators into performing actions via malicious pag...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.6 views

Edimax GS-5008PL 跨站请求伪造漏洞

The Edimax GS-5008PL is a Gigabit Ethernet switch produced by Edimax of Taiwan, China. Versions of the Edimax GS-5008PL prior to 1.00.54 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of anti-CSRF tokens and request validation, which could allow...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2016-10811

ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling...

5.3CVSS5.7AI score0.00207EPSS
Exploits1References7
CVE
CVE
added 2026/03/15 1:35 p.m.7 views

CVE-2016-20028

CVE-2016-20028 affects ZKTeco ZKBioSecurity 3.0. The issue is a Cross-Site Request Forgery (CSRF) that lets an attacker cause administrative actions by coaxing an authenticated user to visit a malicious page. Attacks can craft HTTP requests that add superadmin accounts without validity checks, po...

5.3CVSS5.7AI score0.00207EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/03/11 5:28 p.m.5 views

SUSE CVE-2025-14573

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8CVSS5.8AI score0.00157EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.11 views

Precurio Intranet Portal 代码问题漏洞

Precurio Intranet Portal is a document management portal system developed by the American company Precurio. Version 2.0 of Precurio Intranet Portal has a code vulnerability. This vulnerability stems from the /public/admin/user/submitnew endpoint, where cross-site request forgery exists, potential...

5.3CVSS5.8AI score0.00217EPSS
Exploits0References2
ICS
ICS
added 2026/03/03 6:0 a.m.7 views

Mobiliti e-mobi.hu

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

6AI score
Exploits0References11
ICS
ICS
added 2026/03/03 6:0 a.m.7 views

Everon OCPP Backends

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

6AI score
Exploits0References11
Snyk
Snyk
added 2026/02/26 3:13 a.m.3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the IsAdmin field in the user profile update process. An attacker can gain unauthorized administrative privileges by sending a crafted PUT request to their own user profile endpoint with IsAdmin set to...

8.8CVSS6AI score0.00306EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.3 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the IsAdmin field in the user profile update process. An attacker can gain unauthorized administrative privileges by sending a crafted PUT request to their own user profile endpoint with IsAdmin set to...

8.8CVSS6AI score0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/23 4:26 p.m.5 views

CVE-2026-27513 Tenda F3 CSRF in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

5.1CVSS5.2AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder