CVE-2025-14105 TOZED ZLT M30S/ZLT M30S PRO Web proc_post denial of service
A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Manipulating the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can...
EUVD-2025-201494
A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Manipulating the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can...
CVE-2025-14105
TOZED ZLT M30S and ZLT M30S PRO (firmware 1.47/3.09.06) Web Interface vulnerability in /reqproc/proc_post allows manipulation of the goformId argument with input REBOOT_DEVICE to trigger a denial of service. Impact is limited to the local network; exploit publicly disclosed. Vendor has not respon...
PT-2025-49313
Name of the Vulnerable Software and Affected Versions: TOZED ZLT M30S and ZLT M30S PRO versions 1.47/3.09.06. Description: A flaw exists in the Web Interface component of TOZED ZLT M30S and ZLT M30S PRO. The issue is related to the manipulation of the goformId argument with the input REBOOT_DEVICE...
CVE-2025-66561
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
CVE-2025-66561
CVE-2025-66561 affects SysReptor (Syslifters) prior to version 2025.102, exposing an authenticated Stored Cross-Site Scripting (XSS) vulnerability. An attacker can upload malicious JavaScript in the web UI, and execute it in the context of other logged-in users. The issue is fixed in 2025.102. Ex...
CVE-2025-1545
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...
CVE-2025-10285
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...
CVE-2025-1545 WatchGuard Firebox XPath Injection Vulnerability in Web CGI
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least...
CVE-2025-1545
CVE-2025-1545 is a WatchGuard Fireware OS XPath Injection affecting Firebox with at least one authentication hotspot configured. The issue allows remote, unauthenticated retrieval of configuration data via an exposed authentication/management web interface. Affected versions: 11.11–11.12.4+541730...
CVE-2025-10285 Simplicity Device Manager exposes NTLMv2 hash
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...
open-webui is Vulnerable to Incorrect Access Control
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling an attacker with a normal user account to stop arbitrary LLM response tasks...
CVE-2025-29846
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages...
EUVD-2025-201172
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages...
PT-2025-49165
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 11.11 through 11.12.4+541730; WatchGuard Fireware OS versions 12.0 through 12.11.4; WatchGuard Fireware OS versions 12.5 through 12.5.13; WatchGuard Fireware OS versions 2025.1 through 2025.1.2. Description: A remote...
Synology DiskStation Manager and Synology Unified Controller Buffer Error Vulnerability
Synology DiskStation Manager DSM and Synology Unified Controller are both products of China-based Synology, Inc. Synology DiskStation Manager is an operating system for use on networked storage servers NAS. Synology DiskStation Manager is an operating system used on network storage servers NAS to...