Lucene search
K

1020 matches found

Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29560

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5CVSS6.2AI score0.00549EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29554

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...

4.8CVSS6.2AI score0.00237EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 3:15 a.m.2 views

CVE-2026-5177

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

8.8CVSS0.02404EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/25 11:49 p.m.2 views

CVE-2026-34055 OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/18 12:30 a.m.5 views

EUVD-2026-12685

A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...

5.1CVSS4.1AI score0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 12:0 a.m.10 views

CVE-2026-30695

The CVE-2026-30695 entry concerns a Cross-Site Scripting (XSS) vulnerability in the web-based configuration interface of Zucchetti Axess access control devices (models XA4, X3/X3BIO, X4, X7, XIO / i-door / i-door+). The issue is caused by improper sanitization of user-supplied input in the dirBro...

6.1CVSS5.8AI score0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 6:57 p.m.29 views

CVE-2026-0835

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alterin...

5.4CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 12:32 p.m.9 views

CVE-2026-3943

CVE-2026-3943 affects H3C ACG1000-AK230. The vulnerability is a remote command-injection in an unknown part of /webui/?aaa_portal_auth_local_submit caused by manipulation of the argument suffix. Exploitation is possible without authentication and can be executed remotely; exploit details are publ...

7.5CVSS6.7AI score0.40802EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.8 views

CVE-2025-70225

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component...

9.8CVSS6.1AI score0.00485EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.9 views

EUVD-2026-9444

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

10CVSS6.4AI score0.27551EPSS
Exploits4References2
NVD
NVD
added 2026/03/04 6:16 p.m.13 views

CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

10CVSS0.33898EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 1:17 p.m.5 views

CVE-2026-3343

A reflected cross-site scripting XSS vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

6.1CVSS5.9AI score0.00196EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:24 p.m.4 views

CVE-2026-20091

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of...

4.8CVSS5.7AI score0.0017EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.10 views

PT-2026-21799

Name of the Vulnerable Software and Affected Versions InSAT MasterSCADA BUK-TS affected versions not specified Description The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...

9.8CVSS5.8AI score0.00538EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.10 views

PT-2026-21800

Name of the Vulnerable Software and Affected Versions InSAT MasterSCADA BUK-TS affected versions not specified Description The software is susceptible to OS command injection through a field in its MMadmServ web interface. This allows attackers to potentially execute remote code. The vulnerabilit...

9.8CVSS5.9AI score0.01433EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/23 4:26 p.m.5 views

CVE-2026-27513 Tenda F3 CSRF in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

5.1CVSS5.2AI score0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.5 views

PT-2026-21531

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...

5.1CVSS5.1AI score0.00102EPSS
Exploits0References4
NCSC
NCSC
added 2026/02/06 9:22 a.m.9 views

Vulnerability fixed in Cisco Meeting Management

Cisco has fixed a vulnerability in Cisco Meeting Management. The vulnerability is in the Certificate Management feature of Cisco Meeting Management, which contains incorrect input validation within the Web-based management interface. This allows authenticated remote attackers to upload arbitrary...

8.8CVSS5.7AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.5 views

CVE-2023-38017

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.3CVSS4.9AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 12:2 a.m.5 views

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...

4.8CVSS3.8AI score0.00223EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder