
16812 matches found

Vulnrichment
added 2026/01/13 8:4 p.m., 3 views

CVE-2025-37170 Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVSS 7.2, AI score 7.5, EPSS 0.01122
Exploits 0, References 1
CVE
added 2026/01/13 8:3 p.m., 11 views

CVE-2025-37169

CVE-2025-37169 affects the AOS-10 web-based management interface of a Mobility Gateway; a stack overflow could allow an authenticated attacker to execute arbitrary code as a privileged OS user. Evidence across connected advisories confirms the issue is in ArubaOS (AOS-10) web management, with rem...

CVSS 7.2, AI score 7.3, EPSS 0.00477
Exploits 0, References 1, Affected Software 1
NVD
added 2026/01/13 4:16 p.m., 8 views

CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

CVSS 8.6, EPSS 0.0033
Exploits 0, References 26
CVE
added 2026/01/13 4:0 p.m., 21 views

CVE-2026-0405

CVE-2026-0405 affects NETGEAR Orbi devices: an authentication bypass allows users on the local network to access the router web interface with admin privileges. Exploitation requires local network access (attack vector: adjacent, low complexity, no user interaction). Impact per metrics is HIGH fo...

CVSS 8.6, AI score 6.5, EPSS 0.0033
Exploits 0, References 26, Affected Software 1
CNNVD
added 2026/01/13 12:0 a.m., 3 views

HPE AOS Security Vulnerability

HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS 8 that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

CVSS 7.2, AI score 6, EPSS 0.01122
Exploits 0, References 2
Positive Technologies
added 2026/01/13 12:0 a.m., 20 views

PT-2026-2455

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVSS 7.2, AI score 7.9, EPSS 0.01122
Exploits 0, References 3
Positive Technologies
added 2026/01/13 12:0 a.m., 6 views

PT-2026-2454

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

CVSS 7.2, AI score 7.7, EPSS 0.00477
Exploits 0, References 3
Positive Technologies
added 2026/01/13 12:0 a.m., 5 views

PT-2026-2458

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

CVSS 7.2, AI score 7.3, EPSS 0.00476
Exploits 0, References 3
Positive Technologies
added 2026/01/13 12:0 a.m., 7 views

PT-2026-2339

Name of the Vulnerable Software and Affected Versions: SAP Identity Management, affected versions not specified. Description: The SAP Identity Management REST interface has a flaw due to inadequate input handling. An authenticated administrator can submit malicious REST requests that are processed by...

CVSS 3.8, AI score 6, EPSS 0.00171
Exploits 0, References 4
CNNVD
added 2026/01/13 12:0 a.m., 5 views

HPE AOS Security Vulnerability

HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS 8 that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

CVSS 7.2, AI score 6, EPSS 0.01203
Exploits 0, References 2
CNNVD
added 2026/01/13 12:0 a.m., 6 views

HPE AOS Security Vulnerability

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

CVSS 7.2, AI score 6, EPSS 0.01096
Exploits 0, References 2
RedHat Linux
added 2026/01/12 2:47 p.m., 3 views

CUPS: Local denial-of-service via cupsd.conf update and related issues

A flaw was found in cups. A user in group defined by SystemGroup directive in /etc/cups/cups-files.conf can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write...

CVSS 6.7, AI score 5.7, EPSS 0.00402
Exploits 1, References 4
Positive Technologies
added 2026/01/10 12:0 a.m., 7 views

PT-2026-3440

Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309. Description: A flaw exists in the setWiFiBasicCfg function within the /cgi-bin/cstecgi.cgi file of the affected software. This issue is a buffer overflow that occurs when processing the ssid paramete...

CVSS 9, AI score 7.4, EPSS 0.00619
Exploits 1, References 14
RedhatCVE
added 2026/01/09 12:40 p.m., 14 views

CVE-2023-43843

Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request...

CVSS 7.3, AI score 6.6, EPSS 0.00426
Exploits 1, References 1
RedhatCVE
added 2026/01/09 12:40 p.m., 10 views

CVE-2023-43844

Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileges...

CVSS 8, AI score 7, EPSS 0.00404
Exploits 1, References 1
RedhatCVE
added 2026/01/09 12:39 p.m., 7 views

CVE-2023-43848

Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request...

CVSS 8, AI score 6.5, EPSS 0.00454
Exploits 1, References 1
RedhatCVE
added 2026/01/09 12:32 p.m., 4 views

CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...

CVSS 9.8, AI score 7.2, EPSS 0.00588
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:32 p.m., 7 views

CVE-2023-4332

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file...

CVSS 7.5, AI score 6.8, EPSS 0.00496
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:32 p.m., 7 views

CVE-2023-4323

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup...

CVSS 9.8, AI score 6.9, EPSS 0.00588
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:32 p.m., 7 views

CVE-2023-4325

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities...

CVSS 9.8, AI score 6.9, EPSS 0.00588
Exploits 0, References 1