16830 matches found
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...
iDempiere WebUI 12.0.0.202508171158 CSV Injection
A CSV injection vulnerability exists in iDempiere WebUI version 12.0.0.202508171158. The application fails to properly sanitize user-supplied input before including it in exported CSV files. An authenticated attacker ca...
CVE-2025-55299
VaulTLS has an authentication issue prior to 0.9.1: user accounts created via the User web UI may have an empty (non-NULL) password, enabling login with an empty password. This is exacerbated by API login still working after frontend password checks were disabled. The vulnerability is fixed in 0....
CVE-2025-36088
IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...
CVE-2025-26709
There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-20301
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...
CVE-2025-20148
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...
CVE-2025-20306
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...
CVE-2025-20302
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...
CVE-2025-7664
CVE-2025-7664 — WordPress AL Pack plugin is vulnerable due to a missing capability check in the check_activate_permission() callback for the REST API endpoint /wp-json/presslearn/v1/activate. The vulnerability allows unauthenticated attackers to activate premium features by spoofing the Origin he...
CVE-2024-53946
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in...
CVE-2025-36088 IBM TS4500 cross-site scripting
IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...
CVE-2025-36088
CVE-2025-36088 affects IBM TS4500 and IBM Diamondback Tape Library web GUIs. The issue is a cross-site scripting flaw in the web interface that lets an authenticated user embed arbitrary JavaScript, potentially altering functionality and exposing credentials within a trusted session. Affected ver...
CVE-2025-26709 Unauthorized Access Vulnerability in ZTE F50
There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
PT-2025-33507 · IBM · IBM TS4500
Name of the Vulnerable Software and Affected Versions: IBM TS4500 versions 1.10.00-F00, 1.11.0.0-D00, 1.11.0.1-C00, and 1.11.0.2-C00
Description: The IBM TS4500 web GUI is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code into the Web UI, potentially...
IBM TS4500 Cross-Site Scripting Vulnerability
The IBM TS4500 is a scalable tape library from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM TS4500 versions 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00, which stems from the presence of cross-site scripting in the web interface that could...