
17 matches found

NVD · added 2026/05/08 12:16 p.m. · 7 views

CVE-2026-8076

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...

CVSS 9.3 · EPSS 0.00115
Exploits: 0 · References: 2

CVE · added 2026/05/08 12:12 p.m. · 13 views

CVE-2026-8077

CVE-2026-8077 concerns the CashDro 3 web administration panel (v24.01.00.26). The issue is a lack of proper authorization in the backend, with security effectively handled only on the frontend. By altering the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...

CVSS 8.6 · AI score 5.8 · EPSS 0.00041
Exploits: 0 · References: 2

RedhatCVE · added 2026/01/09 11:24 a.m. · 4 views

CVE-2021-31583

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...

CVSS 5.4 · AI score 6 · EPSS 0.00891
Exploits: 3 · References: 1

OSV · added 2025/09/10 1:15 p.m. · 2 views

CVE-2025-10223

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

CVSS 8.1 · AI score 5.8 · EPSS 0.00071
Exploits: 0 · References: 1

Cvelist · added 2025/09/10 12:35 p.m. · 4 views

CVE-2025-10223 Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)

Insufficient Session Expiration CWE-613 in the Web Admin Panel in AxxonSoft Axxon One C-Werk prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration...

CVSS 5.4 · EPSS 0.00071
Exploits: 0 · References: 1

CVE · added 2025/09/10 12:35 p.m. · 10 views

CVE-2025-10223

The CVE-2025-10223 entry describes Insufficient Session Expiration (CWE-613) in the Web Admin Panel of AxxonSoft Axxon One (C‑Werk) on Windows, prior to version 2.0.3. The root cause is an unexpired session token allowing a local or remote authenticated attacker to retain access with removed priv...

CVSS 8.1 · AI score 6.2 · EPSS 0.00071
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies · added 2025/09/10 12:00 a.m. · 3 views

PT-2025-37041

Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions prior to 2.0.3 Description: Insufficient session expiration in the Web Admin Panel allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session...

CVSS 5.4 · AI score 6.3 · EPSS 0.00071
Exploits: 0 · References: 3

NVD · added 2024/11/07 6:15 p.m. · 12 views

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

CVSS 8.8 · EPSS 0.00044
Exploits: 0 · References: 3

Vulnrichment · added 2024/11/07 12:00 a.m. · 11 views

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

AI score 7.1 · EPSS 0.00044
Exploits: 0 · References: 2

Positive Technologies · added 2024/11/07 12:00 a.m. · 3 views

PT-2024-10734 · Epson · Epson Expression Home Xp255

Name of the Vulnerable Software and Affected Versions: Epson Expression Home XP255 version 20.08.FM10I8 Description: An issue was discovered where the device comes without a password and the user is not prompted to set one up, allowing anyone to access the web admin panel and become admin without...

CVSS 8.8 · AI score 7.1 · EPSS 0.00044
Exploits: 0 · References: 16

NVD · added 2021/01/08 6:15 p.m. · 14 views

CVE-2020-17504

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters...

CVSS 7.2 · AI score 7.5 · EPSS 0.04662
Exploits: 0 · References: 3

OSV · added 2021/01/08 6:15 p.m. · 1 view

CVE-2020-17504

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters...

CVSS 7.2 · AI score 6.1
Exploits: 0 · References: 3

OSV · added 2021/01/08 6:15 p.m. · 1 view

CVE-2020-17502

Barco TransForm N before 3.8 allows Command Injection issue 2 of 4. The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...

CVSS 7.2 · AI score 7.3 · EPSS 0.0389
Exploits: 0 · References: 3

CVE · added 2021/01/08 5:17 p.m. · 49 views

CVE-2020-17503

CVE-2020-17503 affects Barco NDN-210 (TransForm N) via a command injection in split_card_cmd.php. The vulnerability allows authenticated users to perform remote code execution over the web admin panel due to improper handling of the http parameter "locking". Affected product is Barco TransForm N;...

CVSS 7.2 · AI score 7.5 · EPSS 0.04662
Exploits: 0 · References: 3 · Affected Software: 1

OSV · added 2019/03/21 4:00 p.m. · 2 views

CVE-2018-20219

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code...

CVSS 8.1 · AI score 5.8 · EPSS 0.42901
Exploits: 4 · References: 3

CNVD · added 2017/12/14 12:00 a.m. · 1 view

TIBCO BusinessWorks Process Monitor Integration Matters nJAMS Cross-Site Scripting Vulnerability

TIBCO BusinessWorks Process Monitor is a process monitor for the BusinessWorks platform from TIBCO Software, Inc. Integration Matters nJAMS is one of the business process monitoring components used in it. A cross-site scripting vulnerability exists in TIBCO BusinessWorks Process Monitor 3.0.1.3 a...

CVSS 4.8 · AI score 6.1 · EPSS 0.00179
Exploits: 0 · References: 1

Packet Storm · added 2010/06/04 12:00 a.m. · 41 views

phpBazar 2.1.1 Remote File Inclusion

Title: phpBazar V2.1.1 stable rfi Vulnerability Author: Sid3^effects Published: 2010-06-03 Version: 2.1.1 stable Vendor: SmartISoft ...

AI score 0.2
Exploits: 0