Lucene search
K

16824 matches found

Positive Technologies
Positive Technologies
added 2025/09/01 12:0 a.m.5 views

PT-2025-35491

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...

5.4CVSS5.7AI score0.00166EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/01 12:0 a.m.4 views

PT-2025-35490

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References5
NVD
NVD
added 2025/08/31 10:15 a.m.6 views

CVE-2025-9725

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

8.8CVSS0.00321EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/31 10:2 a.m.2 views

CVE-2025-9725 Cudy LT500E Web shadow hard-coded password

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

2.5CVSS6.1AI score0.00321EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/31 10:2 a.m.8 views

CVE-2025-9725 Cudy LT500E Web shadow hard-coded password

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

2.5CVSS0.00321EPSS
Exploits1References5
CVE
CVE
added 2025/08/31 10:2 a.m.14 views

CVE-2025-9725

CVE-2025-9725 – Cudy LT500E Web shadow hard-coded password . The vulnerability affects LT500E devices up to firmware 2.3.12, in the Web Interface’s /squashfs-root/etc/shadow function, allowing use of a hard-coded password. Exploitation is local, with high attack complexity and reported exploitabi...

8.8CVSS4.1AI score0.00321EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/31 12:0 a.m.4 views

PT-2025-35404

Name of the Vulnerable Software and Affected Versions Cudy LT500E versions prior to 2.3.13 Description A vulnerability exists in Cudy LT500E up to version 2.3.12. The issue resides in an unknown function within the /squashfs-root/etc/shadow file of the Web Interface component, leading to the use ...

8.8CVSS3.9AI score0.00321EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.4 views

CVE-2025-50975

IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...

5.4CVSS5.9AI score0.00283EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.6 views

CVE-2025-50428

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...

9.8CVSS7.6AI score0.01626EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.5 views

CVE-2025-34521

A reflected cross-site scripting XSS vulnerability exists in the web interface of the Arcserve Unified Data Protection UDP, where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...

5.4CVSS6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.4 views

CVE-2025-20348

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

5CVSS6.7AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.5 views

CVE-2025-20296

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

5.4CVSS5.2AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.6 views

CVE-2025-20342

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

5.4CVSS5.9AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.4 views

CVE-2025-36729

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...

7.2CVSS7AI score0.00409EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-41088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web...

9.3CVSS7.5AI score0.00519EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/29 1:32 a.m.10 views

CVE-2025-9603 Telesquare TLR-2005KSH internet.cgi command injection

A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The...

6.5CVSS0.07575EPSS
Exploits1References5
CVE
CVE
added 2025/08/29 1:32 a.m.16 views

CVE-2025-9603

CVE-2025-9603 pertains to the Telesquare TLR-2005KSH device running version 1.2.4. The vulnerability is in an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg, where manipulating the Hostname argument can lead to a remote command injection. Public exploitation has been disclosed....

9.8CVSS6.4AI score0.07575EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/29 12:0 a.m.2 views

Cisco UCS Fabric Interconnects Command Injection (cisco-sa-ucs-multi-cmdinj-E4Ukjyrz)

According to its self-reported version, Cisco Unified Computing System UCS Fabric Interconnect is affected by multiple vulnerabilities. - Vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative...

6.5CVSS6.4AI score0.01242EPSS
Exploits0References3
Snyk
Snyk
added 2025/08/28 9:31 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview github.com/hashicorp/vault/http is an a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and C...

8.7CVSS7AI score0.00697EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/28 7:2 p.m.9 views

CVE-2025-9580 LB-LINK BL-X26 HTTP set_blacklist os command injection

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

6.5CVSS0.06729EPSS
Exploits1References5
Rows per page
Query Builder