EUVD-2026-37577
An attacker with network access to the Regesta Smart HD-PLC of the provider Teldat (in this case, a registration action is required) running the vulnerable software could introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration...
PT-2026-39590
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.4
Description: A Reflected Cross-Site Scripting (XSS) issue exists in the '/install/upgrade.php' endpoint. This allows an attacker to execute arbitrary JavaScript in a victim's browser by providing a specially crafted URL...
EUVD-2020-7492
Malware in sbrugna...
CVE-2025-10441
A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in OS command injection. The attack may be launched...
CVE-2025-10441 D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection
A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in OS command injection. The attack may be launched...
PT-2024-9270 · Mitel · Mitel 6869I
Name of the Vulnerable Software and Affected Versions: Mitel 6869i version 4.5.0.41
Description: The issue is related to the Manual Firmware Update upgrade.html page, which does not perform sanitization on the username and path parameters sent by an authenticated user. This lack of sanitization...
VulnCheck KEV: CVE-2022-2486
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to OS command injection. The exploit has been disclosed to the public and may be used...
CVE-2021-46232
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter...
Cisco Expressway Series and TelePresence Video Communication Server Image Verification RCE (cisco-sa-ewver-c6WZPXRx)
According to its self-reported version, Cisco TelePresence Video Communication Server is affected by a vulnerability in the image verification function that allows an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability...
Input validation
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...
CVE-2021-34715 Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...
CVE-2020-15499
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.38520253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page...
New Relic: Upgrade menu exposes the mobile application token meant to only be visible to administrators
Usually, the restricted user is not able to view the mobile application token for a mobile app - the page that this token is visible on is only accessible to administrators. However - there exists a workaround to this if you are a restricted user and you still want to obtain this token - simply...
CVE-2018-15430
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...
portraitprofessional.com XSS vulnerability
Open Bug Bounty ID: OBB-607407

| Description | Value |
|---|---|
| Affected Website: | portraitprofessional.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
Jaws 0.8.8 - Multiple Local File Inclusion Vulnerabilities
No description provided by source.

Jaws 0.8.8 Local File Inclusion

POST /upgrade/index.php
language=../../../../../../../../../../../../etc/passwd%00

POST /install/index.php
language=../../../../../../../../../../../../etc/passwd%00

Also vulnerable: Introductioncomplete uselog

Author notified: Ja...
CVE-2008-2496
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php...