Lucene search
K

1020 matches found

Cvelist
Cvelist
added 2026/01/15 12:0 a.m.22 views

CVE-2025-65349

A Stored Cross-Site Scripting XSS vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when is displayed in any page at...

0.0023EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Cisco Identity Services Engine (cisco-sa-ise-xss-9TDh2kx)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the...

4.8CVSS6AI score0.00238EPSS
Exploits0References3
NVD
NVD
added 2026/01/14 5:16 p.m.10 views

CVE-2025-37183

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

7.2CVSS0.00404EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS 8 that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

7.2CVSS6AI score0.01122EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.8 views

CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file...

7.5CVSS6.8AI score0.00496EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.8 views

CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities...

9.8CVSS6.9AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.4 views

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...

9.8CVSS6.9AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.14 views

CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

9CVSS7.8AI score0.63797EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:9 p.m.7 views

CVE-2018-18882

A stored cross-site scripting XSS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface...

5.4CVSS5.7AI score0.00746EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.11 views

CVE-2021-33963

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/macaddrclone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...

10CVSS7.8AI score0.03071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.7 views

CVE-2021-33964

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/setfirewalllevel which receives parameters by POST request, and the parameter firewalllevel has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...

8.8CVSS7.8AI score0.02871EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.9 views

CVE-2020-10669

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...

7.5CVSS7.1AI score0.03463EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.9 views

CVE-2023-31927

An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface...

5.3CVSS6.5AI score0.00484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.9 views

CVE-2021-27418

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTM...

6.1CVSS6.2AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:43 a.m.7 views

CVE-2022-42457

Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches runupdate in /usr/bin/gxserve-update.sh e.g., command execution can occur via a reverse shell installed by install.sh...

9.1CVSS7.2AI score0.02237EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2026/01/09 12:0 a.m.2 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows attackers to carry out XSS attacks.

The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious act...

5.5CVSS5.9AI score0.00196EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/07 9:51 a.m.6 views

CVE-2013-6918

The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests...

5.8CVSS7.4AI score0.01227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.12 views

CVE-2019-7315

Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability 4.x versions exist only...

7.5CVSS7.1AI score0.11198EPSS
Exploits1References1
OSV
OSV
added 2025/12/30 6:15 p.m.4 views

CVE-2025-15258

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

6.1CVSS5.5AI score0.00221EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/17 12:31 a.m.5 views

EUVD-2025-203852

A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send specially-crafted HTTP requests that can cause the web service process to deliberately restart. Although this mechanism limits the...

6.9CVSS6.5AI score0.0034EPSS
Exploits0References3
Rows per page
Query Builder