
16830 matches found

Cvelist
added 2025/08/19 12:0 a.m. · 7 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

0.00667 EPSS
Exploits 1 · References 1
Packet Storm
added 2025/08/19 12:0 a.m. · 116 views

iDempiere WebUI 12.0.0.202508171158 CSV Injection

A CSV injection vulnerability exists in iDempiere WebUI version 12.0.0.202508171158. The application fails to properly sanitize user-supplied input before including it in exported CSV files. An authenticated attacker ca...

7.6 AI score
Exploits 0
CVE
added 2025/08/18 5:36 p.m. · 64 views

CVE-2025-55299

VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....

9.4 CVSS · 7.1 AI score · 0.00216 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/08/17 8:12 p.m. · 7 views

CVE-2025-36088

IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4 CVSS · 6.5 AI score · 0.00166 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/17 11:7 a.m. · 9 views

CVE-2025-26709

There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...

5.7 CVSS · 6.8 AI score · 0.00244 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/16 5:25 p.m. · 13 views

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

6.5 CVSS · 6.8 AI score · 0.00334 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/16 5:25 p.m. · 6 views

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...

8.5 CVSS · 7 AI score · 0.00402 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/16 5:25 p.m. · 9 views

CVE-2025-20306

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...

4.9 CVSS · 8 AI score · 0.00344 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/08/16 5:25 p.m. · 11 views

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

4.3 CVSS · 7 AI score · 0.00269 EPSS
Exploits 0 · References 1
CVE
added 2025/08/16 3:38 a.m. · 27 views

CVE-2025-7664

CVE-2025-7664 — WordPress AL Pack plugin is vulnerable due to a missing capability check in the check_activate_permission() callback for the REST API endpoint /wp-json/presslearn/v1/activate. The vulnerability allows unauthenticated attackers to activate premium features by spoofing the Origin he...

7.5 CVSS · 5.9 AI score · 0.00456 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/08/16 12:16 a.m. · 13 views

CVE-2024-53946

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in...

8.8 CVSS · 7.6 AI score · 0.00586 EPSS
Exploits 0 · References 1
OSV
added 2025/08/15 8:15 p.m. · 3 views

CVE-2025-36088

IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4 CVSS · 5.4 AI score · 0.00166 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/15 7:19 p.m. · 15 views

CVE-2025-36088 IBM TS4500 cross-site scripting

IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4 CVSS · 0.00166 EPSS
Exploits 0 · References 1
CVE
added 2025/08/15 7:19 p.m. · 27 views

CVE-2025-36088

CVE-2025-36088 affects IBM TS4500 and IBM Diamondback Tape Library web GUIs. The issue is a cross-site scripting flaw in the web interface that lets an authenticated user embed arbitrary JavaScript, potentially altering functionality and exposing credentials within a trusted session. Affected ver...

5.4 CVSS · 6.5 AI score · 0.00166 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/08/15 10:35 a.m. · 5 views

CVE-2025-26709 Unauthorized Access Vulnerability in ZTE F50

There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...

5.7 CVSS · 6.7 AI score · 0.00244 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/15 12:0 a.m. · 7 views

PT-2025-33507 · Ibm · Ibm Ts4500

Name of the Vulnerable Software and Affected Versions: IBM TS4500 versions 1.10.00-F00, 1.11.0.0-D00, 1.11.0.1-C00, and 1.11.0.2-C00 Description: The IBM TS4500 web GUI is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code into the Web UI, potentially...

5.4 CVSS · 6 AI score · 0.00166 EPSS
Exploits 0 · References 5
CNNVD
added 2025/08/15 12:0 a.m. · 4 views

IBM TS4500 Cross-Site Scripting Vulnerability

The IBM TS4500 is a scalable tape library from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM TS4500 versions 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00, which stems from the presence of cross-site scripting in the web interface that could...

5.4 CVSS · 6 AI score · 0.00166 EPSS
Exploits 0 · References 3
NVD
added 2025/08/14 5:15 p.m. · 4 views

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

6.5 CVSS · 0.00334 EPSS
Exploits 0 · References 1
NVD
added 2025/08/14 5:15 p.m. · 7 views

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

4.3 CVSS · 0.00269 EPSS
Exploits 0 · References 1
NVD
added 2025/08/14 5:15 p.m. · 8 views

CVE-2025-20306

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...

4.9 CVSS · 0.00344 EPSS
Exploits 0 · References 1