16821 matches found
CVE-2025-20330
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...
CVE-2025-35452
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface...
CVE-2025-35452 Pan-Tilt-Zoom cameras default administrative credentials for web interface
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface...
CVE-2025-35452
PTZOptics and ValueHD-based PTZ cameras are affected by an insufficient authentication issue affecting the administrative web interface. The vulnerability stems from default, shared credentials and weak access controls for the /cgi-bin/param.cgi path, enabling remote, unauthenticated access to se...
CVE-2025-56498
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...
Cisco Evolved Programmable Network Manager Information Disclosure (cisco-sa-epnm-info-dis-zhPPMfgz)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by an information disclosure vulnerability. A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to...
PTZOptics PT12X-LINK-4K-xx Security Vulnerability
The PTZOptics PT12X-LINK-4K-xx is a camera from PTZOptics, Inc. A security vulnerability exists in the PTZOptics PT12X-LINK-4K-xx that stems from the management web interface using default, shared credentials...
TOTOLINK N600R Command Injection Vulnerability
The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that originates from...
Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored XSS (cisco-sa-ucs-kvmsxss-6h7AnUyk)
According to its self-reported version, Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting is affected by a vulnerability. - A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC)...
CVE-2025-6685
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
CVE-2025-2694
The CVE-2025-2694 issue affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. A cross-site scripting vulnerability in the Web UI allows a privileged user to embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. ...
CVE-2025-2694 IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI...
IBM Concert Software Cross-Site Scripting Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...
TOTOLINK X5000R Command Injection Vulnerability
TOTOLINK X5000R is a wireless router supporting Wi-Fi 6 technology with full coverage mesh system and dual-band transmission for home and business network environments. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the parameter pid in the file...
CVE-2025-9934 TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...
CVE-2025-20287
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based...