16821 matches found
CVE-2025-50428
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter...
CVE-2025-50985
CVE-2025-50985 affects diskover-web v2.3.0 Community Edition. The vulnerability is described as multiple reflected cross-site scripting (XSS) flaws in the web interface caused by unsanitized GET parameters (including maxage, maxindex, index, path, q, and doctype) that are echoed into the HTML res...
PT-2025-34893 · Cisco · Cisco Ucs Manager
Name of the Vulnerable Software and Affected Versions: Cisco UCS Manager Software affected versions not specified Description: A vulnerability exists in the web-based management interface that could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack agains...
PT-2025-34891 · Cisco · Cisco Ucs Manager
Name of the Vulnerable Software and Affected Versions: Cisco UCS Manager Software affected versions not specified Description: Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative...
Linux Distros Unpatched Vulnerability : CVE-2025-2361
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component We...
Linux Distros Unpatched Vulnerability : CVE-2020-13124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2017-17536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary...
CVE-2025-36729
A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...
CVE-2025-36729 RACOM M!DGE2 Privilege Escalation via SDK Testing Endpoint
A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...
CVE-2025-36729
The connected sources confirm CVE-2025-36729 concerns RACOM M!DGE2 devices where a non-primary administrator with web-interface rights (no shell access) can view device configuration, exposing the master admin password, and can escalate to shell access with root gid. The root cause is improper pe...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
PT-2025-34793 · Ubiquiti · Ubiquiti Unifi
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A non-primary administrator user with admin rights to the web interface, but without shell access permissions, can view the device configuration, including the master admin password. This also allo...
PT-2025-34808 · Ipfire · Ipfire
Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The web-based firewall interface firewall.cgi fails to sanitize several rule parameters, including PROT, SRC PORT, TGT PORT, dnatport, key, ruleremark, src addr, std net tgt, and tgt addr. This allows an...
PT-2025-34744
Name of the Vulnerable Software and Affected Versions: egOS WebGUI affected versions not specified Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass...
Linux Distros Unpatched Vulnerability : CVE-2017-7178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program...
CVE-2025-41452
Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions...
CVE-2022-43110
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password,...
CVE-2022-31491
Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this t...
Linux Distros Unpatched Vulnerability : CVE-2014-4722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or...
Linux Distros Unpatched Vulnerability : CVE-2017-7557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. CVE-2017-7557 Note that Nessus relies o...