CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

PT-2026-7623

Name of the Vulnerable Software and Affected Versions Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27 Description A flaw exists in the web management API components that allows unauthenticated attackers on the local network to modify router and network configurations. Attackers can...

EUVD-2024-18107

Malicious code in bioql PyPI...

EUVD-2023-34429

Malicious code in bioql PyPI...

CVE-2023-29117

Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...

CVE-2023-29117 Authentication Bypass in JuiceBox Web Manager interface

Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system...

Cisco AsyncOS 安全漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS that stems from insufficient input validation of certain parameters passed to the Web-based management API of an affected system, allowing an unauthenticated, remote attacker to...

Lenovo ThinkSystem 安全漏洞

Lenovo ThinkSystem is a ThinkSystem series server device from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem. An attacker exploited the vulnerability to execute commands without sufficient privileges on SMM v1, SMM v2, and FPC using specially designed Web...