Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Zero Day Initiative
Zero Day Initiativeadded 2025/10/01 12:0 a.m.3 views

Viessmann Vitogate 300 BN/MB vitogate.cgi form-0-2 Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Viessmann Vitogate 300 BN/MB devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON payload data provided to the vitogate.cg...

6.8CVSS7.3AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/09/25 2:53 a.m.2 views

CVE-2025-9494

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...

8.5CVSS8.3AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2023/09/27 12:0 a.m.1 views

PT-2023-31940 · Viessmann · Viessmann Vitogate 300

Name of the Vulnerable Software and Affected Versions: Viessmann Vitogate 300 versions up to 2.1.3.0 Description: A critical vulnerability was found in the Web Management Interface component of Viessmann Vitogate 300. This issue affects the isValidUser function of the file /cgi-bin/vitogate.cgi,...

9.8CVSS6.5AI score0.90238EPSS
Exploits4References16
Rows per page
Query Builder