407 matches found

RedhatCVE
added 2026/01/09 9:59 a.m. | 6 views

CVE-2020-7470

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allow XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...

CVSS 4.8 | AI score 6 | EPSS 0.00321
Exploits: 1 | References: 1

CVE
added 2025/12/11 9:38 p.m. | 3 views

CVE-2024-58296

CE Phoenix v3.0.1 has a stored cross-site scripting vulnerability in the currencies administration panel (admin/currencies.php). An attacker can inject JavaScript by placing XSS payloads in the title field, which executes when administrators view the currencies page. The issue is reported across ...

CVSS 5.3 | AI score 5.5 | EPSS 0.00068
Exploits: 0 | References: 5

RedhatCVE
added 2025/12/05 3:27 p.m. | 1 views

CVE-2025-63361

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to render the Administrator password in plaintext...

CVSS 5.7 | AI score 7.3 | EPSS 0.00031
Exploits: 1 | References: 1

OSV
added 2025/12/03 2:35 p.m. | 26 views

BIT-ACTIVEMQ-2020-13947

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0...

CVSS 6.1 | AI score 5.9 | EPSS 0.04029
Exploits: 0 | References: 7

EUVD
added 2025/12/02 6:30 p.m. | 2 views

EUVD-2025-200290

A vulnerability has been found in D-Link R15 AX1500 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd...

AI score 7.2 | EPSS 0.00153
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/20 9:36 p.m. | 2 views

CVE-2025-34328

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...

CVSS 9.8 | AI score 7.1 | EPSS 0.00534
Exploits: 2 | References: 1

NVD
added 2025/11/20 9:16 p.m. | 2 views

CVE-2025-25613

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext usi...

CVSS 7.5 | EPSS 0.00032
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/20 12:0 a.m. | 2 views

CVE-2025-25613

FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext usi...

AI score 6.8 | EPSS 0.00032
Exploits: 1 | References: 3

Positive Technologies
added 2025/11/20 12:0 a.m. | 2 views

PT-2025-47631

Name of the Vulnerable Software and Affected Versions: FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch versions prior to 2.2.0D Build 135103. Description: The FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch transmits cookies containing usernames and passwords in cleartext using base64...

CVSS 7.5 | AI score 6.7 | EPSS 0.00032
Exploits: 1 | References: 6

OSV
added 2025/11/19 5:15 p.m. | 2 views

CVE-2025-34328

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...

CVSS 9.8 | AI score 6 | EPSS 0.00534
Exploits: 2 | References: 4

Cvelist
added 2025/11/14 10:52 p.m. | 7 views

CVE-2021-4466 IPCop <= 2.1.9 Authenticated RCE

IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAILPW parameter, directly into system-level operations without...

CVSS 8.7 | EPSS 0.00357
Exploits: 0 | References: 4

RedhatCVE
added 2025/11/13 2:3 p.m. | 3 views

CVE-2025-11565

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload...

CVSS 7.3 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 1

EUVD
added 2025/11/12 3:31 p.m. | 5 views

EUVD-2025-131906

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload...

CVSS 7.3 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 2

NVD
added 2025/11/12 2:15 p.m. | 1 views

CVE-2025-11565

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload...

CVSS 7.3 | EPSS 0.00026
Exploits: 0 | References: 1

Cvelist
added 2025/11/12 1:19 p.m. | 5 views

CVE-2025-11565

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload...

CVSS 7.3 | EPSS 0.00026
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/11 12:0 a.m. | 3 views

PT-2025-46657

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A path traversal issue exists that could lead to elevated system access. This occurs when a Web Admin user on the local network manipulates the POST /REST/UpdateJRE request payload. The issue involve...

CVSS 7.3 | AI score 6 | EPSS 0.00026
Exploits: 0 | References: 8

RedhatCVE
added 2025/10/23 12:17 a.m. | 3 views

CVE-2025-62775

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

CVSS 8 | AI score 7 | EPSS 0.00027
Exploits: 0 | References: 1

EUVD
added 2025/10/22 12:0 a.m. | 4 views

EUVD-2025-35312

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

CVSS 8 | AI score 6.5 | EPSS 0.00027
Exploits: 0 | References: 3

Cvelist
added 2025/10/22 12:0 a.m. | 7 views

CVE-2025-62775

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password...

CVSS 8 | EPSS 0.00027
Exploits: 0 | References: 2

CVE
added 2025/10/22 12:0 a.m. | 7 views

CVE-2025-62775

CVE-2025-62775 affects Mercku M6a devices up to firmware version 2.1.0, where the web admin password can be used to gain root TELNET access. The connected documents consistently describe root access via TELNET enabled by the web admin password, indicating a high-severity impact (per CVSS 3.1 vect...

CVSS 8 | AI score 6.7 | EPSS 0.00027
Exploits: 0 | References: 2