Lucene search
K

23 matches found

CVE
CVE
added 5 days ago11 views

CVE-2026-12593

The CVE concerns Axivion Dashboard’s OIDC/OAuth2/SSO subsystem. An internal, undocumented API endpoint (POST /api/users/~/{user}/tokens) did not enforce sufficient permissions when creating an API token for another user. Preconditions include an internal user with higher privileges, knowledge of ...

8.7CVSS6.4AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36615

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

4.3CVSS5.7AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-2812

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

5.3CVSS5.5AI score0.0036EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 3:16 p.m.20 views

CVE-2026-35906

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

9.6CVSS0.00466EPSS
Exploits1References4
CVE
CVE
added 2026/06/04 12:0 a.m.24 views

CVE-2026-35906

CVE-2026-35906 affects T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. The vulnerability stems from an undocumented debug CGI endpoint that is accessible without authentication, allowing an attacker to supply a crafted HTTP query string to execute arbitrary commands with root privile...

9.6CVSS6.1AI score0.00466EPSS
Exploits1References4
NVD
NVD
added 2026/06/03 6:16 p.m.15 views

CVE-2026-36615

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

4.3CVSS0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:0 a.m.17 views

EUVD-2026-34153

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

4.3CVSS5.9AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.41 views

CVE-2026-36615

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.6 views

CVE-2026-36615

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

4.3CVSS5.9AI score0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.9 views

CVE-2026-36615

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network...

5.9AI score0.00166EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.24 views

CVE-2026-36615

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 is affected by CVE-2026-36615 due to an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network. The issue stems from exposure of internal data to nearby devices wit...

4.3CVSS5.9AI score0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:47 p.m.9 views

CVE-2026-2812

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

5.3CVSS5.8AI score0.0036EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/20 5:47 p.m.29 views

CVE-2026-2812 Improper Authentication issue in ArcGIS Server

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

5.3CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 5:47 p.m.28 views

CVE-2026-2812

Summary: CVE-2026-2812 affects ArcGIS Server (12.0 and earlier) due to an improper authentication flaw in an undocumented administrative endpoint. An unauthenticated attacker can trigger a crafted request to that endpoint, potentially disrupting the web-based browsing interface. The available doc...

5.3CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.4 views

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:30 a.m.5 views

EUVD-2025-208355

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 9:30 a.m.5 views

EUVD-2025-208359

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2026/03/09 9:15 a.m.6 views

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 8:15 a.m.31 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS0.00334EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.4 views

PT-2026-24024

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References2
Rows per page
Query Builder