Lucene search
K

4495 matches found

Nuclei
Nuclei
added 5 hours ago71 views

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

5.3CVSS6.2AI score0.02703EPSS
Exploits1References4
Nuclei
Nuclei
added 5 hours ago9 views

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...

8.5CVSS6.2AI score0.01441EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday117 views

Viessmann Vitogate 300 - Hardcoded Password

A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface. id: CVE-2023-5222 info: name: Viessmann Vitogate 300 - Hardcoded Password author: ritikchaddha severity: critical description: | A critica...

9.8CVSS6.7AI score0.74697EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday26 views

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

9.3CVSS6.2AI score0.74535EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2025-210451

An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...

7.5CVSS6.1AI score0.00565EPSS
Exploits1References3
NVD
NVD
added 4 days ago5 views

CVE-2025-70796

An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...

7.5CVSS0.00565EPSS
Exploits1References2
NVD
NVD
added 5 days ago8 views

CVE-2026-57021

An Out-of-bounds Write vulnerability in the http-gatekeeper http-gk of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a...

6.9CVSS0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-52200

An issue in Generic OEM UZ801v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk...

0.00515EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56623

Name of the Vulnerable Software and Affected Versions Generic OEM UZ801 v2.1 4G LTE Router version 3.4.3 Description A remote attacker can execute arbitrary code through the /ajax web management API endpoint located within the MifiService.apk component. Recommendations At the moment, there is no...

9.8CVSS6.4AI score0.00515EPSS
Exploits0References5
Nuclei
Nuclei
added last week85 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS6.9AI score0.88874EPSS
Exploits0References5
CVE
CVE
added last week14 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42048

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-12948 Stored Cross-Site Scripting (XSS)

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56193

Name of the Vulnerable Software and Affected Versions Digi PortServer TS affected versions not specified Digi One SP affected versions not specified Digi One SP IA affected versions not specified Digi One IA affected versions not specified Description A stored cross-site scripting XSS issue exist...

4.8CVSS6.1AI score0.00269EPSS
Exploits0References4
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.4 views

Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...

6.9CVSS6AI score0.00235EPSS
Exploits0Affected Software2
NVD
NVD
added 2026/06/30 7:16 a.m.7 views

CVE-2026-56808

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product...

8.6CVSS0.0155EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 6:0 a.m.28 views

CVE-2026-56808

The CVE-2026-56808 entry concerns the DGM3103SCT device from AVTECH Security Corporation. The vulnerability is described as an OS command injection that can allow arbitrary command execution with root privileges by a user who can log in to the device’s web management console. The available connec...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 6:0 a.m.6 views

EUVD-2026-40265

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 4:16 p.m.8 views

CVE-2026-9105

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...

6.8CVSS0.00554EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

9CVSS7.3AI score0.01614EPSS
Exploits0References1
Rows per page
Query Builder