101 matches found
NEC Aterm series vulnerable to cross-site scripting (NV26-002)
Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Zyxel WRE6505 安全漏洞
The Zyxel WRE6505 is a wireless signal extension device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 firmware version 1.00ABDV.3C0 contains a security vulnerability. This vulnerability stems from improper CGI program coding or escaping, which may allow adjacent WLAN attackers to...
CVE-2023-45741
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands...
EUVD-2021-14873
Malware in sbrugna...
EUVD-2021-14870
Malware in sbrugna...
EUVD-2023-41454
Malicious code in bioql PyPI...
EUVD-2023-41452
Malicious code in bioql PyPI...
EUVD-2023-34111
Malicious code in bioql PyPI...
EUVD-2025-2141
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-11146
Reflected Cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts XSS in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”...
CVE-2025-6983
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 = 1.1.5...
PT-2025-29878 · Tp Link · Archer C1200
Name of the Vulnerable Software and Affected Versions: TP-Link Archer C1200 versions prior to 1.1.6 Description: A clickjacking issue exists in the web management page of the TP-Link Archer C1200. This allows an attacker to deceive users into performing actions they did not intend through the...
CVE-2023-51363
VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information...
CVE-2023-37568
ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page...
CVE-2025-20620
SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page...
CVE-2025-20620
CVE-2025-20620 is a SQL Injection affecting STEALTHONE D220/D340 (and related models). The vulnerability could allow an unauthenticated attacker with network access to obtain the administrative password on the web management page. Root cause cited in a PT Security advisory points to lack of prote...
PT-2025-1296 · Unknown · Stealthone D220/D340
Name of the Vulnerable Software and Affected Versions: STEALTHONE D220/D340 versions up to 6.03.02 Description: A SQL Injection vulnerability exists in the STEALTHONE D220/D340, allowing an attacker who can access the affected product to obtain the administrative password of the web management...
PT-2025-1294 · Unknown · Stealthone D220 +2
Name of the Vulnerable Software and Affected Versions: STEALTHONE D220/D340/D440 affected versions not specified Description: A user with administrative privileges who logs in to the web management page of the affected product may execute an arbitrary OS command. The vulnerability is related to t...
CVE-2024-45372
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc...
CVE-2024-45836
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user...