
16814 matches found

CNNVD
added 2026/04/01 12:0 a.m. | 4 views

Cisco Integrated Management Controller cross-site scripting vulnerability

The Cisco Integrated Management Controller (IMC) is a set of software developed by Cisco, Inc., used for managing UCS (Unified Computing System) environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

CVSS 4.8 | AI score 5.7 | EPSS 0.0017
Exploits: 0 | References: 1

CNNVD
added 2026/04/01 12:0 a.m. | 5 views

Cisco Integrated Management Controller (IMC) cross-site scripting vulnerability

The Cisco Integrated Management Controller (IMC) is a set of software developed by Cisco, Inc., used for managing UCS (Unified Computing System) environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

CVSS 6.1 | AI score 5.7 | EPSS 0.00184
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29642

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.5 | AI score 5.6 | EPSS 0.00193
Exploits: 0 | References: 3

CNNVD
added 2026/04/01 12:0 a.m. | 6 views

Cisco Integrated Management Controller (IMC) buffer error vulnerability

The Cisco Integrated Management Controller (IMC) is a set of software developed by Cisco, Inc., used for managing UCS (Unified Computing System) environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

CVSS 6.5 | AI score 6.3 | EPSS 0.00549
Exploits: 0 | References: 1

CNNVD
added 2026/04/01 12:0 a.m. | 4 views

Cisco Integrated Management Controller (IMC) cross-site scripting vulnerability

The Cisco Integrated Management Controller (IMC) is a set of software developed by Cisco Corporation in the United States, used for managing UCS (Unified Computing System) environments. This software supports HTTP and SSH access, and allows operations such as starting, stopping, and restarting server...

CVSS 4.8 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 1

CNNVD
added 2026/04/01 12:0 a.m. | 6 views

WatchGuard Firebox Fireware OS security vulnerability

WatchGuard Firebox Fireware OS is an operating system developed by the American company WatchGuard, designed to provide security protection and traffic control capabilities for firewall devices. Vulnerabilities exist in versions 12.6.1 to 12.11.8, as well as in versions 2025.1 to 2026.1.2 of...

CVSS 8.6 | AI score 6.2 | EPSS 0.00588
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/01 12:0 a.m. | 3 views

PT-2026-29559

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...

CVSS 6.5 | AI score 6.1 | EPSS 0.00719
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/01 12:0 a.m. | 8 views

PT-2026-29560

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

CVSS 6.5 | AI score 6.2 | EPSS 0.00549
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/01 12:0 a.m. | 6 views

PT-2026-29551

A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

CVSS 6.1 | AI score 6.2 | EPSS 0.00184
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/01 12:0 a.m. | 5 views

PT-2026-29558

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...

CVSS 6.5 | AI score 6.1 | EPSS 0.00929
Exploits: 0 | References: 4

OSV
added 2026/03/31 11:7 p.m. | 3 views

GHSA-XMPV-J7P2-J873 Nautobot: Management of users via REST API does not apply configured password validators

Impact: In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...

CVSS 2.7 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 7

ATTACKERKB
added 2026/03/31 9:15 p.m. | 2 views

CVE-2026-5214

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

CVSS 9 | AI score 6.2 | EPSS 0.00715
Exploits: 1 | References: 5 | Affected Software: 20

ATTACKERKB
added 2026/03/31 7:27 p.m. | 3 views

CVE-2026-34203

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting which defaults to an empty list, i.e., no specific...

CVSS 2.7 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 6 | Affected Software: 1

EUVD
added 2026/03/31 12:31 p.m. | 3 views

EUVD-2025-209145

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface UI to execute arbitrary operating system commands as the root user on the Socket’s internal system...

CVSS 8.3 | AI score 6.2 | EPSS 0.00976
Exploits: 0 | References: 2

NVD
added 2026/03/31 12:16 p.m. | 4 views

CVE-2025-14213

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface UI to execute arbitrary operating system commands as the root user on the Socket’s internal system...

CVSS 8.3 | EPSS 0.00976
Exploits: 0 | References: 1

NVD
added 2026/03/31 3:15 a.m. | 1 views

CVE-2026-5177

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

CVSS 8.8 | EPSS 0.02404
Exploits: 1 | References: 5

CVE
added 2026/03/31 1:24 a.m. | 74 views

CVE-2026-4020

Gravity SMTP for WordPress versions up to 2.1.4 exposes a REST endpoint at /wp-json/gravitysmtp/v1/tests/mock-data whose permission_callback always returns true, allowing unauthenticated access. When the ?page=gravitysmtp-settings parameter is used, register_connector_data() populates internal da...

CVSS 7.5 | AI score 5.9 | EPSS 0.39704
In wild | Exploits: 1 | References: 7

Vulnrichment
added 2026/03/31 1:15 a.m. | 1 views

CVE-2026-5176 Totolink A3300R cstecgi.cgi setSyslogCfg command injection

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been release...

CVSS 7.5 | AI score 5.7 | EPSS 0.01932
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/31 12:0 a.m. | 3 views

PT-2026-29240

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface UI to execute arbitrary operating system commands as the root user on the Socket’s internal system...

CVSS 8.3 | AI score 6.2 | EPSS 0.00976
Exploits: 0 | References: 2

CNNVD
added 2026/03/31 12:0 a.m. | 7 views

Cato Networks Socket security vulnerability

Cato Networks Socket is an edge access device from the Israeli company Cato Networks, designed to provide secure network connections and traffic optimization capabilities. Versions of Cato Networks Socket prior to 25 contained security vulnerabilities; these vulnerabilities stemmed from command...

CVSS 8.3 | AI score 6.1 | EPSS 0.00976
Exploits: 0 | References: 1