16807 matches found

Positive Technologies
added 2026/03/11 12:0 a.m. (5 views)

PT-2026-24731

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticate...

CVSS 6.1, AI score 6, EPSS 0.00207
Exploits 0, References 3
CNNVD
added 2026/03/11 12:0 a.m. (6 views)

Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability

Cisco Unified Contact Center Express is a customer relationship management component within the unified communication solutions offered by Cisco. This component supports features such as self-service voice services, call assignment, and customer access control. Cisco Unified Contact Center Expres...

CVSS 6.1, AI score 5.6, EPSS 0.00207
Exploits 0, References 1
Positive Technologies
added 2026/03/11 12:0 a.m. (7 views)

PT-2026-24819

Name of the Vulnerable Software and Affected Versions: OliveTin versions 3000.10.2 and earlier. Description: OliveTin allows access to predefined shell commands through a web interface. In versions 3000.10.2 and earlier, the live EventStream broadcasts execution events and action output to...

CVSS 9.9, AI score 7.3, EPSS 0.22162
Exploits 68, References 136
CVE
added 2026/03/10 7:59 p.m. (14 views)

CVE-2025-36226

CVE-2025-36226 affects IBM Aspera Faspex 5.0.0 through 5.0.14.3. A cross-site scripting flaw allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: improper handling of input in the Web UI. I...

CVSS 5.4, AI score 5.4, EPSS 0.0021
Exploits 0, References 1, Affected Software 1
OSV
added 2026/03/10 6:28 p.m. (5 views)

GO-2026-4614 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

CVSS 9.8, AI score 5.8, EPSS 0.22162
Exploits 12, References 5
RedhatCVE
added 2026/03/10 2:8 p.m. (7 views)

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, AI score 5.8, EPSS 0.0022
Exploits 0, References 1
CNVD
added 2026/03/10 12:0 a.m. (2 views)

Siemens SIMATIC S7-1500 Device Stored Cross-Site Scripting Vulnerability

SIMATIC S7-1500 is an industrial controller from Siemens. A stored cross-site scripting vulnerability exists in the Siemens SIMATIC S7-1500, which can be exploited by an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in a web interface...

CVSS 9.6, AI score 5.7, EPSS 0.00458
Exploits 0
Positive Technologies
added 2026/03/10 12:0 a.m. (7 views)

PT-2026-24411

Name of the Vulnerable Software and Affected Versions: Aruba AOS-CX (affected versions not specified). Description: A critical authentication bypass flaw exists in Aruba AOS-CX switches. This flaw allows an unauthenticated remote attacker to reset administrator passwords through the web management...

CVSS 9.8, AI score 5.8, EPSS 0.00736
Exploits 1, References 25
CNNVD
added 2026/03/10 12:0 a.m. (3 views)

Siemens Multiple Products Cross-Site Scripting Vulnerability

SIMATIC S7-1500 is an industrial controller from Siemens. A stored cross-site scripting vulnerability exists in the Siemens SIMATIC S7-1500, which can be exploited by an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in a web interface...

CVSS 9.6, AI score 6, EPSS 0.00458
Exploits 0, References 1
ICS
added 2026/03/10 12:0 a.m. (11 views)

Siemens SIMATIC

SUMMARY: SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the...

CVSS 9.6, AI score 6.2, EPSS 0.00458
Exploits 0, References 10
Positive Technologies
added 2026/03/10 12:0 a.m. (6 views)

PT-2026-24467

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.11.2. Description: OliveTin provides access to predefined shell commands through a web interface. When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename for these logs ...

CVSS 9.9, AI score 6, EPSS 0.22162
Exploits 68, References 138
EUVD
added 2026/03/09 9:31 p.m. (4 views)

EUVD-2025-208453

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

CVSS 6.3, AI score 5.3, EPSS 0.00289
Exploits 0, References 5
OSV
added 2026/03/09 8:16 p.m. (5 views)

DEBIAN-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

CVSS 7.5, AI score 8.1, EPSS 0.00359
Exploits 1, References 1
EUVD
added 2026/03/09 9:30 a.m. (4 views)

EUVD-2025-208380

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, AI score 5.8, EPSS 0.0022
Exploits 0, References 2
EUVD
added 2026/03/09 9:30 a.m. (6 views)

EUVD-2025-208381

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, AI score 5.8, EPSS 0.0022
Exploits 0, References 2
OSV
added 2026/03/09 9:16 a.m. (3 views)

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, AI score 5.9, EPSS 0.0022
Exploits 0, References 1
NVD
added 2026/03/09 9:16 a.m. (4 views)

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, EPSS 0.0022
Exploits 0, References 1
Vulnrichment
added 2026/03/09 8:18 a.m. (4 views)

CVE-2025-41767 Signature bypass on update upload

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, AI score 5.8, EPSS 0.0022
Exploits 0, References 1
ATTACKERKB
added 2026/03/09 8:18 a.m. (5 views)

CVE-2025-41767

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, AI score 5.8, EPSS 0.0022
Exploits 0, References 2
Cvelist
added 2026/03/09 8:18 a.m. (28 views)

CVE-2025-41767 Signature bypass on update upload

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...

CVSS 7.2, EPSS 0.0022
Exploits 0, References 1