
16812 matches found

OSV
added 2026/02/24 4:24 p.m., 2 views

CVE-2026-27517

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user...

CVSS 6.1, AI score 6, EPSS 0.00139
Exploits: 0, References: 2

NVD
added 2026/02/24 3:21 p.m., 6 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

CVSS 7.5, EPSS 0.00353
Exploits: 1, References: 2

OSV
added 2026/02/24 3:21 p.m., 4 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

CVSS 7.5, AI score 5.8, EPSS 0.00353
Exploits: 1, References: 2

CVE
added 2026/02/24 3:7 p.m., 11 views

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions before V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Since Base64 is reversible, an attacker with cookie access can recover the plaintext password. Affected product/v...

CVSS 8.7, AI score 5.3, EPSS 0.00196
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/02/24 3:6 p.m., 22 views

CVE-2026-27517 Binardat 10G08-0800GSM Network Switch XSS

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user...

CVSS 6.1, EPSS 0.00139
Exploits: 0, References: 2

Vulnrichment
added 2026/02/24 3:6 p.m., 4 views

CVE-2026-27517 Binardat 10G08-0800GSM Network Switch XSS

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user...

CVSS 6.1, AI score 6.1, EPSS 0.00139
Exploits: 0, References: 2

CVE
added 2026/02/24 3:6 p.m., 10 views

CVE-2026-27517

CVE-2026-27517 affects Binardat 10G08-0800GSM network switch firmware up to version V300SP10260209. The flaw stems from unsanitized user input in the web interface, enabling an attacker to inject and execute arbitrary JavaScript within an authenticated user’s context (XSS). The CVE details do not...

CVSS 6.1, AI score 5.7, EPSS 0.00139
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/02/24 3:3 p.m., 17 views

CVE-2026-23678 Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker wi...

CVSS 8.8, EPSS 0.01224
Exploits: 0, References: 2

CVE
added 2026/02/24 3:3 p.m., 11 views

CVE-2026-23678

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 expose a command-injection vulnerability in the traceroute diagnostic function of the web management interface. An authenticated attacker with web UI access can inject the %1a character into the hostname parameter to ...

CVSS 8.8, AI score 5.9, EPSS 0.01224
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/02/24 2:16 p.m., 3 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3, AI score 5.8, EPSS 0.0026
Exploits: 0, References: 1

NVD
added 2026/02/24 2:16 p.m., 6 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3, EPSS 0.0026
Exploits: 0, References: 1

CVE
added 2026/02/24 1:3 p.m., 27 views

CVE-2026-1772

CVE-2026-1772 concerns the RTU500 web interface, where an unprivileged user can read user management information. The vulnerability does not require UI access and can be exploited via browser developer tools, with no user interaction and network-based access. The CVSS 4.0 vector indicates: AV:N/A...

CVSS 5.3, AI score 5.3, EPSS 0.0026
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/02/24 1:3 p.m., 5 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3, AI score 5.9, EPSS 0.0026
Exploits: 0, References: 1

EUVD
added 2026/02/24 1:3 p.m., 4 views

EUVD-2026-8460

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3, AI score 5.3, EPSS 0.0026
Exploits: 0, References: 1

Cvelist
added 2026/02/24 1:3 p.m., 21 views

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

CVSS 5.3, EPSS 0.0026
Exploits: 0, References: 1

Positive Technologies
added 2026/02/24 12:0 a.m., 9 views

PT-2026-21676

Name of the Vulnerable Software and Affected Versions: RTU500, affected versions not specified. Description: An unprivileged user can read user management information through the RTU500 web interface. Accessing this information requires tools like browser development utilities and does not occur...

CVSS 5.3, AI score 5.9, EPSS 0.0026
Exploits: 0, References: 4

CNNVD
added 2026/02/24 12:0 a.m., 7 views

InSAT MasterSCADA BUK-TS SQL Injection Vulnerability

InSAT MasterSCADA BUK-TS is an industrial automation control component developed by the Russian company InSAT. InSAT MasterSCADA BUK-TS has a SQL injection vulnerability; this vulnerability stems from SQL injections in the main web interface, which may lead to remote code execution...

CVSS 9.8, AI score 6.2, EPSS 0.00538
Exploits: 0, References: 2

Vulnrichment
added 2026/02/24 12:0 a.m., 4 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

AI score 5.5, EPSS 0.00353
Exploits: 1, References: 2

Positive Technologies
added 2026/02/24 12:0 a.m., 6 views

PT-2026-21800

Name of the Vulnerable Software and Affected Versions: InSAT MasterSCADA BUK-TS, affected versions not specified. Description: The software is susceptible to OS command injection through a field in its MMadmServ web interface. This allows attackers to potentially execute remote code. The vulnerabilit...

CVSS 9.8, AI score 5.9, EPSS 0.01433
Exploits: 1, References: 6

Positive Technologies
added 2026/02/24 12:0 a.m., 8 views

PT-2026-21799

Name of the Vulnerable Software and Affected Versions: InSAT MasterSCADA BUK-TS, affected versions not specified. Description: The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...

CVSS 9.8, AI score 5.8, EPSS 0.00538
Exploits: 0, References: 5