
16813 matches found

NVD
added 2025/10/30 7:16 p.m., 2 views

CVE-2025-63422

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...

CVSS 7.5, EPSS 0.00307
Exploits: 1, References: 2

Wolfi
added 2025/10/30 2:52 p.m., 3 views

GHSA-7F5H-V6XP-FCQ8 vulnerabilities

Vulnerabilities for packages: open-webui, reflex, mlflow, kserve, k8s-sidecar...

AI score 5.8
Exploits: 0

CNNVD
added 2025/10/30 12:0 a.m., 4 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.4.13, which stems from the Views page of...

CVSS 5.4, AI score 8.6, EPSS 0.00383
Exploits: 0, References: 2

Positive Technologies
added 2025/10/30 12:0 a.m., 5 views

PT-2025-44540

Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.4, AI score 6.2, EPSS 0.00407
Exploits: 0, References: 3

Positive Technologies
added 2025/10/30 12:0 a.m., 6 views

PT-2025-44541

Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.4, AI score 6.2, EPSS 0.00407
Exploits: 0, References: 3

Positive Technologies
added 2025/10/30 12:0 a.m., 4 views

PT-2025-44497

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.1.2. Description: Nagios XI versions prior to 2024R1.1.2 have a flaw where authorization checks are absent when the 'Allow Insecure Logins' option is active. This allows any user to generate valid login...

CVSS 9.8, AI score 6.3, EPSS 0.00837
Exploits: 0, References: 6

CNNVD
added 2025/10/30 12:0 a.m., 4 views

Nagios Log Server security vulnerability

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R1.0.2, which originates from an Apache web user or back-end shell user executable command that could result i...

CVSS 8.5, AI score 6.5, EPSS 0.00256
Exploits: 0, References: 3

Vulnrichment
added 2025/10/30 12:0 a.m., 3 views

CVE-2025-63422

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...

AI score 6.5, EPSS 0.00307
Exploits: 1, References: 2

CVE
added 2025/10/30 12:0 a.m., 9 views

CVE-2025-63422

CVE-2025-63422: Affected product is Each Italy Wireless Mini Router WIRELESS-N 300M (v28K.MiniRouter.20190211). The vulnerability is improper access control in the Web management interface that allows an attacker to arbitrarily change the administrator username and password by sending a crafted G...

CVSS 7.5, AI score 6.5, EPSS 0.00307
Exploits: 1, References: 2

Positive Technologies
added 2025/10/30 12:0 a.m., 3 views

PT-2025-44464

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2.1.6. Description: Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) issues through the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validati...

CVSS 5.4, AI score 6.1, EPSS 0.00466
Exploits: 0, References: 4

Positive Technologies
added 2025/10/30 12:0 a.m., 6 views

PT-2025-44536

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2012R2.6. Description: Nagios XI is susceptible to cross-site scripting (XSS) through the Tools Menu of its web interface. Insufficient validation or escaping of user-supplied input could allow an attacker to inject and...

CVSS 5.4, AI score 5.9, EPSS 0.00383
Exploits: 0, References: 4

RedhatCVE
added 2025/10/29 3:19 p.m., 5 views

CVE-2025-34316

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

CVSS 5.4, AI score 6.2, EPSS 0.00453
Exploits: 0, References: 1

RedhatCVE
added 2025/10/29 3:19 p.m., 6 views

CVE-2025-34303

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNOREENTRYREMARK parameter when adding a whitelisted host. When a whitelisted host is added, an HTTP POST...

CVSS 5.4, AI score 5.8, EPSS 0.00453
Exploits: 0, References: 1

RedhatCVE
added 2025/10/29 3:19 p.m., 3 views

CVE-2025-34301

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

CVSS 5.4, AI score 5.8, EPSS 0.05013
Exploits: 0, References: 1

RedhatCVE
added 2025/10/29 3:18 p.m., 7 views

CVE-2025-34314

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...

CVSS 5.4, AI score 6, EPSS 0.00453
Exploits: 0, References: 1

RedhatCVE
added 2025/10/29 12:11 a.m., 9 views

CVE-2025-60800

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request...

CVSS 7.5, AI score 6.5, EPSS 0.00291
Exploits: 1, References: 1

Cvelist
added 2025/10/29 12:0 a.m., 6 views

CVE-2024-45161

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution...

EPSS 0.00135
Exploits: 0, References: 2

EUVD
added 2025/10/28 3:30 p.m., 4 views

EUVD-2025-36523

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...

CVSS 5.1, AI score 5.5, EPSS 0.00453
Exploits: 0, References: 4

EUVD
added 2025/10/28 3:30 p.m., 4 views

EUVD-2025-36518

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

CVSS 5.1, AI score 5.7, EPSS 0.00453
Exploits: 0, References: 4

EUVD
added 2025/10/28 3:30 p.m., 5 views

EUVD-2025-36516

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS...

CVSS 5.1, AI score 5.5, EPSS 0.05013
Exploits: 0, References: 4