
16821 matches found

Cvelist
added 2025/09/22 12:0 a.m., 7 views

CVE-2025-57433

The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint /cwi/ajaxrequest/getdata.php, an authenticated attacker even with a low-privileged account like guest can retrieve the hashed passwords for the...

0.00337 EPSS
Exploits 1, References 2

Vulnrichment
added 2025/09/22 12:0 a.m., 2 views

CVE-2025-57431

The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and...

7.3 AI score, 0.00324 EPSS
Exploits 1, References 2

Positive Technologies
added 2025/09/22 12:0 a.m., 4 views

PT-2025-38729

Name of the Vulnerable Software and Affected Versions: 2wcom IP-4c version 2.15.5. Description: The web interface of the device contains a flaw that allows information disclosure. An authenticated attacker, even with limited privileges such as a guest account, can obtain hashed passwords for admin,...

6.5 CVSS, 6.4 AI score, 0.00337 EPSS
Exploits 1, References 4

Cvelist
added 2025/09/22 12:0 a.m., 8 views

CVE-2025-43953

In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen...

0.07119 EPSS
Exploits 0, References 2

CVE
added 2025/09/22 12:0 a.m., 14 views

CVE-2025-43953

CVE-2025-43953 affects the 2wcom IP-4c device running version 2.16. The web interface is vulnerable: admin and manager users can execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. The vulnerability is exposed over the network (CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H...

8.8 CVSS, 7.4 AI score, 0.07119 EPSS
Exploits 0, References 2

CNNVD
added 2025/09/22 12:0 a.m., 4 views

LB-LINK BL-AC2100 security vulnerability

LB-LINK BL-AC2100 is a wireless Wi-Fi 6 router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-AC2100 1.0.3 and earlier versions, which originates from the improper handling of parameter Type in the delshrpath function of the /goform/setdelshrpathcfg file in the Web...

9 CVSS, 8.9 AI score, 0.03717 EPSS
Exploits 1, References 5

Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-38748

Name of the Vulnerable Software and Affected Versions: 2wcom IP-4c version 2.16. Description: The web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. The affected functionality is accessible through the web interface. Th...

8.8 CVSS, 7.7 AI score, 0.07119 EPSS
Exploits 0, References 4

CVE
added 2025/09/22 12:0 a.m., 27 views

CVE-2025-57431

The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The underlying issue is that the update mechanism does not validate the integrity of the manual.sh script, allowing an attacker to inject arbitrary ...

8.8 CVSS, 7.3 AI score, 0.00324 EPSS
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2025/09/22 12:0 a.m., 3 views

CVE-2025-43953

In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen...

7.4 AI score, 0.07119 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/09/22 12:0 a.m., 9 views

PT-2025-38749

Name of the Vulnerable Software and Affected Versions: Sound4 PULSE-ECO AES67 version 1.22. Description: The web-based management interface is susceptible to Remote Code Execution (RCE) through a malicious firmware update package. The system does not properly validate the integrity of the manual.sh...

8.8 CVSS, 7.3 AI score, 0.00324 EPSS
Exploits 1, References 4

Gitee
added 2025/09/21 10:50 p.m., 92 views

geminabox

It is an offensive tool for RubyGem hosting. The repository contains a simple RubyGem hosting system called Gem in a Box. It allows users to host their own RubyGems, and it includes features such as user authentication, gem versioning, and a web interface for browsing and downloading gems. The to...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/09/21 12:11 a.m., 15 views

CVE-2025-57296

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into...

6.5 CVSS, 8.2 AI score, 0.03316 EPSS
Exploits 1, References 1

Vulnrichment
added 2025/09/19 12:0 a.m., 2 views

CVE-2025-57296

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into...

7.8 AI score, 0.03316 EPSS
Exploits 1, References 3

CVE
added 2025/09/19 12:0 a.m., 39 views

CVE-2025-57296

The CVE-2025-57296 entry concerns Tenda AC6 router firmware 15.03.05.19. The formSetIptv function handles /goform/SetIPTVCfg requests and, when processing list and vlanId, uses a sub_ADBC0 helper that concatenates user-supplied values into nvram set system commands via doSystemCmd without validat...

6.5 CVSS, 7.8 AI score, 0.03316 EPSS
In wild, Exploits 1, References 3, Affected Software 1

RedhatCVE
added 2025/09/18 10:28 p.m., 12 views

CVE-2025-37128

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

6.8 CVSS, 6.9 AI score, 0.00294 EPSS
Exploits 0, References 1

NCSC
added 2025/09/18 12:2 p.m., 11 views

Vulnerabilities fixed in HPE Aruba Networking EdgeConnect SD-WAN Gateways

HPE has fixed vulnerabilities in HPE Aruba Networking EdgeConnect SD-WAN Gateways. The vulnerabilities are in the command-line interface and Web API of the HPE Aruba Networking EdgeConnect SD-WAN Gateways. These vulnerabilities allow authenticated attackers to execute arbitrary system commands wi...

8.8 CVSS, 7.5 AI score, 0.00599 EPSS
Exploits 0, References 1

Japan Vulnerability Notes
added 2025/09/18 8:43 a.m., 7 views

UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting

Overview: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain the following vulnerability. Cross-site scripting (CWE-79) - CVE-2025-8153. RyotaK of GMO Flatt Security Inc. reported this vulnerability to NEC Corporation and coordinated. After the coordination was completed, NEC...

6.1 CVSS, 6.7 AI score, 0.00311 EPSS
Exploits 0, References 4

Japan Vulnerability Notes
added 2025/09/18 12:0 a.m., 12 views

JVN#95938761: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting

UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain the following vulnerability. Cross-site scripting (CWE-79): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N, Base Score 5.1; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, Base Score 6.1; CVE-2025-8153. Impact: If a...

5.1 CVSS, 6.7 AI score, 0.00311 EPSS
Exploits 0

CVE
added 2025/09/17 7:31 p.m., 17 views

CVE-2025-37122

CVE-2025-37122 is an unauthenticated reflected XSS vulnerability in the web-based management interface of network access control services (e.g., HPE Aruba ClearPass). The flaw allows an attacker to craft a link that, when visited by a victim, executes arbitrary JavaScript in the context of the af...

6.1 CVSS, 6.1 AI score, 0.00235 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/09/17 7:31 p.m., 2 views

CVE-2025-37122 Unauthenticated Reflected Cross-Site Scripting

A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in a victim's browse...

6.1 CVSS, 6.1 AI score, 0.00235 EPSS
Exploits 0, References 1