16821 matches found

Cvelist
added 2025/08/27 12:00 a.m. · 8 views

CVE-2025-50428

In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitization of user input passed via the interface parameter...

EPSS 0.01626
Exploits 2 · References 2
CVE
added 2025/08/27 12:00 a.m. · 18 views

CVE-2025-50985

CVE-2025-50985 affects diskover-web v2.3.0 Community Edition. The vulnerability is described as multiple reflected cross-site scripting (XSS) flaws in the web interface caused by unsanitized GET parameters (including maxage, maxindex, index, path, q, and doctype) that are echoed into the HTML res...

CVSS 5.6 · AI score 6.2 · EPSS 0.00224
Exploits 1 · References 1 · Affected software 1
Positive Technologies
added 2025/08/27 12:00 a.m. · 4 views

PT-2025-34893 · Cisco · Cisco UCS Manager

Name of the Vulnerable Software and Affected Versions: Cisco UCS Manager Software, affected versions not specified. Description: A vulnerability exists in the web-based management interface that could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack agains...

CVSS 5.4 · AI score 5.2 · EPSS 0.00207
Exploits 0 · References 4
Positive Technologies
added 2025/08/27 12:00 a.m. · 4 views

PT-2025-34891 · Cisco · Cisco UCS Manager

Name of the Vulnerable Software and Affected Versions: Cisco UCS Manager Software, affected versions not specified. Description: Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative...

CVSS 6.5 · AI score 7.6 · EPSS 0.01242
Exploits 0 · References 5
Tenable Nessus
added 2025/08/27 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-2361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component We...

CVSS 5.3 · AI score 3.7 · EPSS 0.00486
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-13124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary...

CVSS 8.8 · AI score 7.6 · EPSS 0.04626
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-17536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary...

CVSS 8.8 · AI score 8.4 · EPSS 0.02005
Exploits 0 · References 3
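Two of the entries above describe different bugs that are often conflated: RaspAP's `interface` parameter (CVE-2025-50428) reaches a shell, while Phabricator (CVE-2017-17536) passed user-controlled strings to `hg` as arguments, where Mercurial parses `--config` and `--debugger` as options (and `--config hooks.<name>=<command>` lets a caller run a command). Avoiding the shell closes only the first. The Python below is an added example, not code from RaspAP, Phabricator, Mercurial or this search result; the interface-name allowlist, the `iw` and `hg log` argv shapes and the sample inputs are constructed for illustration. Nothing is executed: the builders only return the string or argv that would be run, so the example runs offline.

```python
from __future__ import annotations

import re
import subprocess

# Constructed allowlist for Linux interface names (assumption, not RaspAP's rule):
# IFNAMSIZ-1 = 15 bytes, a conservative character set, and no leading dash so
# the value can never be read as an option by the tool that receives it.
IFNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,14}")


class UnsafeArgument(ValueError):
    """Raised when a user-supplied value fails validation."""


def vulnerable_iw_command(iface: str) -> str:
    """Shell string a naive implementation hands to shell_exec()/os.system().
    Metacharacters in `iface` become part of the command line."""
    return f"iw dev {iface} info"


def safe_iw_argv(iface: str) -> list[str]:
    """Validate against the allowlist, then build an argv. No shell is involved,
    so ';', '$(...)' and friends are plain bytes in a single argument."""
    if not IFNAME_RE.fullmatch(iface):
        raise UnsafeArgument(f"rejected interface name: {iface!r}")
    return ["iw", "dev", iface, "info"]


def vulnerable_hg_argv(user_path: str) -> list[str]:
    """Already shell-free, yet still injectable: the user string lands where
    hg's option parser runs, so '--config=hooks.pre-log=...' is honoured."""
    return ["hg", "log", user_path]


def safe_hg_argv(user_path: str) -> list[str]:
    """Two independent defenses: refuse option-looking values, and end option
    parsing with '--' so whatever follows is always a positional argument."""
    if user_path.startswith("-"):
        raise UnsafeArgument(f"option-like value rejected: {user_path!r}")
    return ["hg", "log", "--", user_path]


def rejects(builder, value: str) -> bool:
    """True if the builder refuses the value (used by the checks below)."""
    try:
        builder(value)
    except UnsafeArgument:
        return True
    return False


def run_argv(argv: list[str]) -> subprocess.CompletedProcess:
    """How the validated argv would be executed: shell=False, argv list."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed attacker inputs for the two bug classes.
    print(vulnerable_iw_command("wlan0; id"))                 # shell injection
    print(vulnerable_hg_argv("--config=hooks.pre-log=id"))    # option injection
    print(safe_iw_argv("wlan0"), safe_hg_argv("README"))
```

A block list of specific flags, which is what the Phabricator entry describes as missing, is the weaker of the two `safe_hg_argv` defenses: any tool with a `--` terminator should get it, and the leading-dash check exists for tools that lack one.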
NVD
added 2025/08/26 5:15 p.m. · 3 views

CVE-2025-36729

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...

CVSS 7.2 · EPSS 0.00409
Exploits 0 · References 1
Cvelist
added 2025/08/26 4:26 p.m. · 9 views

CVE-2025-36729 RACOM M!DGE2 Privilege Escalation via SDK Testing Endpoint

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...

CVSS 7.2 · EPSS 0.00409
Exploits 0 · References 1
CVE
added 2025/08/26 4:26 p.m. · 15 views

CVE-2025-36729

The connected sources confirm CVE-2025-36729 concerns RACOM M!DGE2 devices where a non-primary administrator with web-interface rights (no shell access) can view device configuration, exposing the master admin password, and can escalate to shell access with root gid. The root cause is improper pe...

CVSS 7.2 · AI score 6.5 · EPSS 0.00409
Exploits 0 · References 1
Vulnrichment
added 2025/08/26 12:00 a.m. · 2 views

CVE-2025-50975

The IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...

AI score 5.4 · EPSS 0.00283
Exploits 1 · References 1
Positive Technologies
added 2025/08/26 12:00 a.m. · 5 views

PT-2025-34793 · Ubiquiti · Ubiquiti UniFi

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A non-primary administrator user with admin rights to the web interface, but without shell access permissions, can view the device configuration, including the master admin password. This also allo...

CVSS 7.2 · AI score 7.1 · EPSS 0.00409
Exploits 0 · References 5
Positive Technologies
added 2025/08/26 12:00 a.m. · 5 views

PT-2025-34808 · IPFire · IPFire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29. Description: The web-based firewall interface firewall.cgi fails to sanitize several rule parameters, including PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr. This allows an...

CVSS 5.4 · AI score 5.6 · EPSS 0.00283
Exploits 1 · References 5
Positive Technologies
added 2025/08/25 12:00 a.m. · 6 views

PT-2025-34744

Name of the Vulnerable Software and Affected Versions: egOS WebGUI, affected versions not specified. Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass...

CVSS 9.8 · AI score 6.5 · EPSS 0.00491
Exploits 0 · References 13
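The egOS entry above is the general HS256 failure mode: the HMAC key is the only thing standing between a client and a valid session, so anyone who can read it mints tokens for any identity and the server's signature check passes by design. The Python below is an added example, not egOS code or its real key; the secret, the claims and the endpoint-free `verify_hs256()` are constructed to show the forgery, the rotation that invalidates it, and the algorithm pinning a verifier needs so a token cannot talk its way into `alg: none`. Only the standard library is used, so it runs offline.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for a key shipped in a file readable to the default user.
LEAKED_SECRET = b"example-embedded-secret"


def b64url(data: bytes) -> str:
    """JWT-style base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_hs256(secret: bytes, claims: dict) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_hs256(secret: bytes, token: str, now: float | None = None) -> dict | None:
    """Server-side check. Returns the claims when the signature is valid for
    `secret` and the token is unexpired, otherwise None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: the token must not choose how it is verified.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    claims = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is not None and now >= exp:
        return None
    return claims


def forge_admin_token(secret: bytes, now: float) -> str:
    """What an attacker holding the secret does: mint a token for any identity.
    The verifier cannot tell this from a token the backend issued itself."""
    claims = {"sub": "admin", "role": "admin", "iat": int(now), "exp": int(now) + 3600}
    return mint_hs256(secret, claims)


if __name__ == "__main__":
    now = time.time()
    forged = forge_admin_token(LEAKED_SECRET, now)
    print("accepted with leaked key:", verify_hs256(LEAKED_SECRET, forged, now))
    print("accepted after rotation: ", verify_hs256(b"rotated-secret", forged, now))
```

The code-level lesson is that `verify_hs256()` is correct; the fix for this class is operational (a secret that the default user cannot read, and rotation once it has been exposed), plus the algorithm pin so the verifier never accepts an unsigned token.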
Tenable Nessus
added 2025/08/25 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-7178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program...

CVSS 8.8 · AI score 8.3 · EPSS 0.04036
Exploits 1 · References 2
RedhatCVE
added 2025/08/24 3:14 a.m. · 5 views

CVE-2025-41452

Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions...

CVSS 6.8 · AI score 7.2 · EPSS 0.00236
Exploits 0 · References 1
RedhatCVE
added 2025/08/24 12:13 a.m. · 4 views

CVE-2022-43110

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password,...

CVSS 9.8 · AI score 7.7 · EPSS 0.00616
Exploits 0 · References 1
RedhatCVE
added 2025/08/24 12:13 a.m. · 3 views

CVE-2022-31491

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this t...

CVSS 10 · AI score 8 · EPSS 0.0075
Exploits 1 · References 1
Tenable Nessus
added 2025/08/24 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2014-4722

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or...

CVSS 4.3 · AI score 5.4 · EPSS 0.02347
Exploits 0 · References 3
Tenable Nessus
added 2025/08/24 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-7557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack (CVE-2017-7557). Note that Nessus relies o...

CVSS 8.8 · AI score 7.7 · EPSS 0.00807
Exploits 0 · References 2