16821 matches found

RedhatCVE
added 2025/09/05 6:18 p.m., 13 views

CVE-2025-20330

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...

CVSS 6.1, AI score 6.1, EPSS 0.00236
Exploits 0, References 1

OSV
added 2025/09/05 6:15 p.m., 6 views

CVE-2025-35452

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface...

CVSS 9.2, AI score 5.8, EPSS 0.00794
Exploits 1, References 5

Cvelist
added 2025/09/05 5:49 p.m., 6 views

CVE-2025-35452 Pan-Tilt-Zoom cameras default administrative credentials for web interface

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface...

CVSS 9.8, EPSS 0.00794
Exploits 1, References 5

Vulnrichment
added 2025/09/05 5:49 p.m., 2 views

CVE-2025-35452 Pan-Tilt-Zoom cameras default administrative credentials for web interface

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface...

CVSS 9.8, AI score 6.6, EPSS 0.00794
Exploits 1, References 5

CVE
added 2025/09/05 5:49 p.m., 18 views

CVE-2025-35452

PTZOptics and ValueHD-based PTZ cameras are affected by an insufficient authentication issue affecting the administrative web interface. The vulnerability stems from default, shared credentials and weak access controls for the /cgi-bin/param.cgi path, enabling remote, unauthenticated access to se...

CVSS 9.8, AI score 6.6, EPSS 0.00794
Exploits 1, References 5, Affected Software 1

RedhatCVE
added 2025/09/05 12:34 a.m., 13 views

CVE-2025-56498

An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...

CVSS 5.3, AI score 7.7, EPSS 0.01722
Exploits 1, References 1

Tenable Nessus
added 2025/09/05 12:00 a.m., 2 views

Cisco Evolved Programmable Network Manager Information Disclosure (cisco-sa-epnm-info-dis-zhPPMfgz)

The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by an information disclosure vulnerability. A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to...

CVSS 6.5, AI score 5.7, EPSS 0.00287
Exploits 0, References 2

CNNVD
added 2025/09/05 12:00 a.m., 8 views

PTZOptics PT12X-LINK-4K-xx Security Vulnerability

The PTZOptics PT12X-LINK-4K-xx is a camera from PTZOptics, Inc. A security vulnerability exists in the PTZOptics PT12X-LINK-4K-xx that stems from the management web interface using default, shared credentials...

CVSS 9.8, AI score 6.8, EPSS 0.00794
Exploits 1, References 5

CNVD
added 2025/09/05 12:00 a.m., 5 views

TOTOLINK N600R Command Injection Vulnerability

The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that originates from...

CVSS 9.8, AI score 7.7, EPSS 0.02997
Exploits 1, References 1

Tenable Nessus
added 2025/09/05 12:00 a.m., 2 views

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored XSS (cisco-sa-ucs-kvmsxss-6h7AnUyk)

According to its self-reported version, Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting is affected by a vulnerability. A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC)...

CVSS 5.4, AI score 5.9, EPSS 0.00205
Exploits 0, References 6

RedhatCVE
added 2025/09/04 8:31 p.m., 6 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS 8.8, AI score 7.2, EPSS 0.00654
Exploits 0, References 1

CVE
added 2025/09/04 2:43 p.m., 15 views

CVE-2025-2694

The CVE-2025-2694 issue affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. A cross-site scripting vulnerability in the Web UI allows a privileged user to embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. ...

CVSS 4.8, AI score 5.8, EPSS 0.00173
Exploits 0, References 1, Affected Software 2

Vulnrichment
added 2025/09/04 2:43 p.m., 3 views

CVE-2025-2694 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI...

CVSS 4.8, AI score 5.8, EPSS 0.00173
Exploits 0, References 1

Cvelist
added 2025/09/04 2:43 p.m., 6 views

CVE-2025-2694 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI...

CVSS 4.8, EPSS 0.00173
Exploits 0, References 1

CNVD
added 2025/09/04 12:00 a.m., 2 views

IBM Concert Software Cross-Site Scripting Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...

CVSS 6.1, AI score 6.2, EPSS 0.00197
Exploits 0, References 1

CNNVD
added 2025/09/04 12:00 a.m., 4 views

TOTOLINK X5000R Command Injection Vulnerability

TOTOLINK X5000R is a wireless router supporting Wi-Fi 6 technology with full coverage mesh system and dual-band transmission for home and business network environments. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the parameter pid in the file...

CVSS 9.8, AI score 7.5, EPSS 0.03738
Exploits 1, References 6

Cvelist
added 2025/09/03 10:32 p.m., 7 views

CVE-2025-9934 TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...

CVSS 6.5, EPSS 0.03738
Exploits 1, References 6

OSV
added 2025/09/03 6:15 p.m., 5 views

CVE-2025-20330

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...

CVSS 6.1, AI score 6
Exploits 0, References 1

NVD
added 2025/09/03 6:15 p.m., 18 views

CVE-2025-20330

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...

CVSS 6.1, EPSS 0.00236
Exploits 0, References 1

OSV
added 2025/09/03 6:15 p.m., 2 views

CVE-2025-20287

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based...

CVSS 8.8, AI score 5.9, EPSS 0.00295
Exploits 0, References 1