16821 matches found
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device...
CVE-2025-33082
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session...
CVE-2025-56498
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...
PT-2025-35810
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software (affected versions not specified). Description: A vulnerability exists in the web-based management interface that could allow a...
PT-2025-35812
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager IM & Presence Service (affected versions not specified). Description: A vulnerability exists in the web-based management interface that could allow an unauthenticated, remote attacker to conduct a cross-site...
PT-2025-35807
Name of the Vulnerable Software and Affected Versions: Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified). Description: A vulnerability exists in the web-based management interface that could allow an authenticated, remote attacker to...
Linux Distros Unpatched Vulnerability : CVE-2019-15043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the...
CVE-2025-6685
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
CVE-2025-6685
ATEN eco DC contains a missing authorization flaw in its web-based interface that can enable privilege escalation. The issue arises from not validating the assigned user role when handling requests, allowing an attacker with network access to escalate privileges to restricted resources; authentic...
CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
Linux Distros Unpatched Vulnerability : CVE-2018-8007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings...
CVE-2025-0656
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session...
CVE-2025-33082 IBM Concert Software cross-site scripting
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session...
CVE-2025-33083
CVE-2025-33083 affects IBM Concert Software 1.0.0–1.1.0. An authenticated user can inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: cross-site scripting in the web interface. Impact is described as credential exposure...
PT-2025-35490
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0. Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...
IBM Concert Software Cross-Site Scripting Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...
PT-2025-35491
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0. Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...
CVE-2025-9725
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...