16824 matches found
CVE-2025-48862
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted...
SUSE CVE-2025-54424
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...
CVE-2024-53946
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery CSRF on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in...
KuWFi 4G AC900 安全漏洞
KuWFi 4G AC900 is a WiFi router from KuWFi China. A security vulnerability exists in the KuWFi 4G AC900 version 1.0.13, which originates from a command injection in the HTTP API endpoint that could lead to full system control...
PT-2025-33324 · Cisco · Cisco Secure Firewall Management Center (Fmc)
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center FMC Software affected versions not specified Description: A vulnerability exists in the web-based management interface of Cisco Secure Firewall Management Center FMC Software that could allow an...
PT-2025-33339 · Cisco · Cisco Secure Firewall Management Center (Fmc)
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remo...
PT-2025-33338 · Cisco · Cisco Secure Fmc
Name of the Vulnerable Software and Affected Versions: Cisco Secure FMC Software affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain...
PT-2025-33337 · Cisco · Cisco Secure Fmc
Name of the Vulnerable Software and Affected Versions: Cisco Secure FMC Software affected versions not specified Description: A vulnerability exists in the web-based management interface of Cisco Secure FMC Software that could allow an authenticated, low-privileged, remote attacker to access...
PT-2025-33140 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: Ambiguous wording in the web interface of the setup mechanism could lead a user to believe that the backup file is encrypted when a password is set. However, only the private key – if...
CVE-2024-53946
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery CSRF on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in...
CVE-2025-50608
Netis WF2880 (v2.1.40207) has a buffer overflow in FUN_00471994 of cgitest.cgi. The vulnerability can be triggered by supplying a crafted wl_base_set value in the payload, causing a crash and potential Denial of Service. Affected component is the FUN_00471994 function; root cause is insufficient ...
Cisco IOS XE Software Web Based Management Interface (cisco-sa-webui-multi-ARNHM4v6)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected...
CVE-2025-36000
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...
CVE-2025-32932
An Improper neutralization of input during web page generation 'cross-site scripting' vulnerability CWE-79 in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remo...
CVE-2025-32932
An Improper neutralization of input during web page generation 'cross-site scripting' vulnerability CWE-79 in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remo...
CVE-2025-33023
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions, RUGGEDCOM ROX MX5000RE All versions, RUGGEDCOM ROX RX1400 All versions, RUGGEDCOM ROX RX1500 All versions, RUGGEDCOM ROX RX1501 All versions, RUGGEDCOM ROX RX1510 All versions, RUGGEDCOM ROX RX1511 All versions, RUGGEDCOM R...
CVE-2025-33023
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions, RUGGEDCOM ROX MX5000RE All versions, RUGGEDCOM ROX RX1400 All versions, RUGGEDCOM ROX RX1500 All versions, RUGGEDCOM ROX RX1501 All versions, RUGGEDCOM ROX RX1510 All versions, RUGGEDCOM ROX RX1511 All versions, RUGGEDCOM R...
CVE-2025-33023
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions, RUGGEDCOM ROX MX5000RE All versions, RUGGEDCOM ROX RX1400 All versions, RUGGEDCOM ROX RX1500 All versions, RUGGEDCOM ROX RX1501 All versions, RUGGEDCOM ROX RX1510 All versions, RUGGEDCOM ROX RX1511 All versions, RUGGEDCOM R...
PT-2025-32649 · Unknown · Ruggedcom Rox Mx5000 +8
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 affected versions not specified RUGGEDCOM ROX MX5000RE affected versions not specified RUGGEDCOM ROX RX1400 affected versions not specified RUGGEDCOM ROX RX1500 affected versions not specified RUGGEDCOM ROX RX1501 affecte...
PT-2025-32878 · Fortinet · Fortisoar
Name of the Vulnerable Software and Affected Versions: FortiSOAR versions 6.4 through 7.6.1 Description: An improper neutralization of input during web page generation 'cross-site scripting' exists. The web interface may allow an authenticated remote attacker to perform a cross-site scripting XSS...